Is it possible to point OJS 3.2.1-1 to jQuery version 3.5, instead of using jQuery version 3.3.1?

I’m using OJS 3.2.1-1, which points to jQuery 3.3.1, but our security scanners are flagging that version of jQuery as vulnerable and I need to be using jQuery 3.5 to be in compliance. Is this possible?

Hi @omaryoung,

You’re probably ok to run jQuery 3.5. I did a quick test and didn’t notice any major failures, although of course we haven’t tested thoroughly to identify potential breaking changes.

If you have enable_cdn set to On in your config file, you can change the version of jQuery you’re running by opening lib/pkp/classes/template/ and changing this line:

define('CDN_JQUERY_VERSION', '3.3.1');

To this:

define('CDN_JQUERY_VERSION', '3.5.1');

If you have disabled the cdn, then you’ll need to replace the files at /lib/pkp/lib/vendor/components/jquery/jquery.js and /lib/pkp/lib/vendor/components/jquery/jquery.min.js with updated copies.

I’ve filed an issue for us to update jQuery in a future version: Update jQuery to 3.5.1 · Issue #6232 · pkp/pkp-lib · GitHub