-
FEATURED COMPONENTS
First time here? Check out the FAQ!
Hello ZK team ,
We have scan zk.jar of version 5.0.6 version in DCT scan it is showing vulnerability for files zk.jar\web\js\zk\ext\jquery.js and zk.jar\web\js\zk\ext\jquery.src.js and if we scan zk.jar of version 8.6.0.1 version then also it is showing vulnerability for same files zk.jar\web\js\zk\ext\jquery.js and zk.jar\web\js\zk\ext\jquery.src.js
how can we upgrade jquery version to 3.4.1 in zk jar. For jQuery versions before 3.4.0 all versions are coming in vulnerable list.
Can you please guide us on this situation ? Can you please let us know in which version of zk jquery version 3.4.1 is used ?
Regards, Ronak Joshi
jquery 3.4.1 is not used in any ZK version yet. ZK 9 will contain 1.12.4 ZK-3719
If it was that simple we would have already done it... sorry but as of now there's no simple upgrade approach.
However for your custom JS needs it is possible to use another jquery versions side by side ZK's internal version.
https://www.zkoss.org/wiki/ZK%20Client-side%20Reference/Introduction
ZK 5.0.6 is quite old, you should also consider upgrading your ZK version in order to get additional bugfixes (including important and even critical security fixes).
UPDATE: zk 9.1.0 contains jquery 3.5.1
Asked: 2019-09-03 16:01:26 +0800
Seen: 17 times
Last updated: Dec 07 '20
[ZK8.6 Preview] New media components coming soon!
Bug in Datebox with lenient=false and value 01.04.1981?
javascript cannot catch id of zul component. Please help.
failed to utilize getTop(), getLeft() on div(component). Please help.
Serving zul files from a directory outside web application