No announcement yet.

jQuery Vulnerability

  • Filter
  • Time
  • Show
Clear All
new posts

  • jQuery Vulnerability

    We have vBulletin version 5.5.2 which uses the jQuery version 2.1.4

    McAfee Secure is complaining that such older jQuery have vulnerabilities and we need to upgrade to jQuery 3.4.1 or higher.

    Within Admin CP, I can specify whether I want to use Google or Microsoft or JQuery CDN. But all of them use the same old version 2.1.4

    I don't see any way to upgrade the jQuery.

    I could possibly replace the locally installed jQuery JS files, but this may break the forum.

    Any suggestions?

  • #2
    Someone has reported the same problem over two years ago at but I don't know if there is any solution to this yet.


    • #3
      Upgrading jQuery is on our todo list. We use our own AJAX transport though and rely on the server to clean the data coming in, not jQuery.

      To keep your site safe, don't allow users to post HTML on the site and rely on vBulletin's BBCode for formatting. In 5.5.4, we are adding features to allow you to set security headers for additional security. Among these headers is the ability to deny JavaScript from unknown domains.
      Translations provided by Google.

      Wayne Luke
      The Rabid Badger - a vBulletin Cloud customization and demonstration site.
      vBulletin 5 Documentation - Updated every Friday. Report issues here.
      vBulletin 5 API - Full / Mobile
      I am not currently available for vB Messenger Chats.


      Related Topics