Make Your App More Secure By Updating to jQuery® Version 3.5 or Newer

By Splunk

Splunk will be deprecating use of older versions of jQuery and migrating to use of v 3.5.0 or newer soon. Here is what you need to know to start preparing for this upcoming migration.

Certain Splunk apps have historically required jQuery libraries to function. jQuery is a JavaScript® library that makes it easier to write JavaScript compatible with many web browsers.

Many of those apps are written using jQuery 2.x and older, bundled with Splunk Enterprise and Splunk Cloud. We’re moving to support only jQuery 3.5+ as jQuery 1 and jQuery 2 will be end-of-life soon.

Reasons to Migrate to jQuery 3.5 or Newer

Upgrading to the latest version of jQuery makes your app more secure by fixing all XSS (cross site scripting attacks) related vulnerabilities as well as vulnerabilities created by native object prototypes.

The upgraded version would potentially also improve app performance because of faster script execution time and loading time. Read more on jQuery's blog, here.

We're aware of how important this is to you and are going to do the right thing.

As we plan and engineer this change, Splunk is committed to:

Maintaining the stability and security of Splunk software installations and the Splunk platform
Providing sufficient, but not unlimited, time for our customers and developer community to transition
Producing guidance and recommended practices for making the change in your environment

What You Need To Do Next

Assess your jQuery dependencies in the packaged libraries and if any file uses jQuery libraries from the internal Splunk library. Best practice going forward is to package all of your app’s dependencies in the app itself
Evaluate how this change will impact your business
Organize to migrate to jQuery to v3.5 or newer
Watch this space for next steps on how to execute the migration
Contact us by email at jquery3.5-upgrade@splunk.com or at community.splunk.com with your questions or if you’re interested in providing feedback

----------------------------------------------------
Thanks!
Vidhi Agrawal

Splunking Microsoft Cloud Data: Part 3

A step-by-step guide for configuring and ingesting Exchange Online message tracking logs

Tips & Tricks 3 Min Read

Configuring Nginx Load Balancer For The HTTP Event Collector

Send data to Splunk w/o a forwarder using HEC (HTTP Event Collector); Perfect for log data over HTTP or IoT. Install Nginx with HTTPS support, then configure.

Tips & Tricks 1 Min Read

Make Your App More Secure By Updating to jQuery® Version 3.5 or Newer

Splunk will be deprecating use of older versions of jQuery and migrating to v 3.5.0 or newer. Here is what you need to know to start preparing for this upcoming migration.

About Splunk

The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.

Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.