Hi. The reason for updating jquery is because the jQuery library in versions prior to 3.0.0 is vulnerable to Cross Site Scripting (XSS) attacks when a request is made type Ajax to other domains if the dataType option is not specified. It is specified in the jQuery Library vulnerable to XSS - CVE-2015-9251. So a patch should be released to cover this vulnerability for all versions of koha. I am currently using the version 18.11.05 Maintaining updated versions of the components on which koha depends (apache, mysql, jquery, java, perl, php, OS, etc.) allows us to have a secure system. Regards. El 28/07/2019 a las 07:00 p. m., koha-request@lists.katipo.co.nz escribió:

Send Koha mailing list submissions to koha@lists.katipo.co.nz

To subscribe or unsubscribe via the World Wide Web, visit https://lists.katipo.co.nz/mailman/listinfo/koha or, via email, send a message with subject or body 'help' to koha-request@lists.katipo.co.nz

You can reach the person managing the list at koha-owner@lists.katipo.co.nz

When replying, please edit your Subject line so it is more specific than "Re: Contents of Koha digest..."

Today's Topics:

1. Re: Update jquery (Owen Leonard) 2. Re: Update jquery (Paul A)

----------------------------------------------------------------------

Message: 1 Date: Sat, 27 Jul 2019 21:04:06 -0400 From: Owen Leonard <oleonard@myacpl.org> To: koha <koha@lists.katipo.co.nz> Subject: Re: [Koha] Update jquery Message-ID: <CAO4qe2N374D_0QhcOujPXz5506pEK2tJDUw1ndRcAXS0-1HRyw@mail.gmail.com> Content-Type: text/plain; charset="UTF-8"

...

install jquery v1.7. How can I upgrade to the latest stable version of jquery? I would like to hear more details about why you want to upgrade jQuery. I'm not aware of a reason to do so just for the sake of having the latest version.

-- Owen

--