Topic: jQuery Version
It appears Juicebox is still using jQuery v1.7 which is causing our sites to fail pen tests due to jQuery vulnerabilities. How can this be fixed please.
Pages 1
You are not logged in. Please login or register.
Juicebox Support Forum → Juicebox-Pro Support → jQuery Version
It appears Juicebox is still using jQuery v1.7 which is causing our sites to fail pen tests due to jQuery vulnerabilities. How can this be fixed please.
and you get all kind of security warnings because 1.7 is old, insecure and obsolete
I have solved it by adding:
<script src="https://code.jquery.com/jquery-3.4.1.min.js" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous"></script> in my webpages with Juicebox
1.7 is in it because of IE8 support. This browser is no longer supported by present Windows builds
@arachnid
Thank you for sharing your solution.
@seanconnor
Juicebox does, indeed, come with its own version of jQuery (v1.7).
Unfortunately, this version of jQuery is bundled within the 'juicebox.js' JavaScript file which is obfuscated and cannot be modified (so the bundled version of jQuery cannot be removed or replaced by a user).
The developers are aware of the flags that this version of jQuery raises and this issue should be addressed for a future version of Juicebox (although I do not know when this might be).
In the meantime, overriding the bundled version of jQuery with a more recent version (arachnid's suggestion) might be the best course of action.
Being as this issue was raised way back in 2018 I would suggest this issue is not going to be resolved anytime soon, also as it seems there has been no development since 2017 I don't think we can use the product anymore.
It has certainly been a long time since the last version was released.
I'd like to see a new version sooner rather than later myself.
All I can say at this stage is that Juicebox is still alive and that work has started on the next version (although progress is slow and I do not know when it will be released).
It has certainly been a long time since the last version was released.
I'd like to see a new version sooner rather than later myself.
All I can say at this stage is that Juicebox is still alive and that work has started on the next version (although progress is slow and I do not know when it will be released).
I sincerely hope that support for anything less of Internet Explorer 11 is dropped
@arachnid
I agree (although it's a decision that only the developers can make).
Web browser market share statistics for versions of Internet Explorer prior to IE11 seem to have fallen off the radar.
Juicebox Support Forum → Juicebox-Pro Support → jQuery Version
Powered by PunBB, supported by Informer Technologies, Inc.