I’m using OJS 3.2.1-1, which points to jQuery 3.3.1, but our security scanners are flagging that version of jQuery as vulnerable and I need to be using jQuery 3.5 to be in compliance. Is this possible?
Hi @omaryoung,
You’re probably ok to run jQuery 3.5. I did a quick test and didn’t notice any major failures, although of course we haven’t tested thoroughly to identify potential breaking changes.
If you have enable_cdn
set to On
in your config file, you can change the version of jQuery you’re running by opening lib/pkp/classes/template/PKPTemplateManager.inc.php
and changing this line:
define('CDN_JQUERY_VERSION', '3.3.1');
To this:
define('CDN_JQUERY_VERSION', '3.5.1');
If you have disabled the cdn, then you’ll need to replace the files at /lib/pkp/lib/vendor/components/jquery/jquery.js
and /lib/pkp/lib/vendor/components/jquery/jquery.min.js
with updated copies.
I’ve filed an issue for us to update jQuery in a future version: Update jQuery to 3.5.1 · Issue #6232 · pkp/pkp-lib · GitHub