According to the NIST link below, there is a security flaw affecting jQuery versions below 3.0.0. The security flaw, from how I understand, has to do with a missing dataType option in AJAX requests, resulting in a XSS vulnerability. I noticed that in my version of nopCommerce 3.9 all jQuery versions installed are 1.10.x. I also noticed that this is true for 4.0 as well. Are there any plans on upgrading jQuery for nop?
Hi, can I just update all third party libraries in the current version of nopcommerce, like 4.0. or the earlier versions ? Is it done just by changing the jquery.min.js file (and the corresponding others) ?
Is there a reason (beyond why-fix-it-if-it-is-not-broken) that 4.0 uses for example jQuery 1.10, it is a more than 5 years old package, the current version is 3.3 ? Are there some incompabilities if I change it to the current ?