At Splunk, we focus continuously on the security of the Splunk Platform. As part of that effort we announced the deprecation of libraries older than jQuery v3.5 in early 2021. These changes will enhance the security of the product and will require some actions from you to update Classic (Simple XML) dashboards, HTML dashboards, applications installed from Splunkbase, and private applications (read more here: "Overview of the jQuery 3.5 upgrade - Splunk Documentation"). Starting in the second half of calendar year 2022, we plan to remove support for jQuery libraries older than v3.5 in new versions of Splunk Platform.
Your ACTION IS REQUIRED to prepare for removal of older jQuery libraries.
STEP 1: Update your Classic (Simple XML) and HTML Dashboards
1a. Update Classic (Simple XML) dashboards that use jQuery libraries prior to v3.5
Simple XML Dashboard version = 1.0
Dashboards load with older versions of jQuery
Simple XML Dashboard version = 1.1
Dashboards load with jQuery 3.5
Admins need to work with dashboard owners to update Simple XML dashboards to v1.1.
As a Splunk Admin, you can check the jQuery Upgrade dashboard to see which dashboards are affected. To open the jQuery Upgrade dashboard, open the Search & Reporting App and select Dashboards > jQuery Upgrade Dashboard.
1b. HTML dashboards have been deprecated and can be rebuilt in one of the following ways.
- I. Rebuild your HTML dashboards in Dashboard Studio. Dashboards created or rebuilt in Dashboard Studio don't need updates for jQuery 3.5.
For more information about Dashboard Studio, see What is the Splunk Dashboard Studio? in the Splunk Dashboard Studio manual.
For more information about building Simple XML dashboards, see Modify dashboards using Simple XML extensions.
NOTE: Do not update Classic (Simple XML) or HTML dashboards that are provided by a third party app developer. App developers will be required to update their apps and dashboards. You will only need to update Classic (Simple XML) or HTML dashboards that were created by end users in your organization.
STEP 2: Update public and private apps that use jQuery libraries prior to v3.5
Please ensure that you update all business critical Splunkbase and private applications in time for removal of older jQuery libraries. You may also review the jQuery Scan section in the Upgrade Readiness App, which has been introduced starting in Splunk Cloud Platform v8.2.2109 and Splunk Enterprise 8.2.5 to see which Splunkbase or private apps require an update. It is the third party app developer’s responsibility to ensure their applications are updated with jQuery v3.5. If you are worried the app will not be updated, you may try contacting the application owner through the app page on Splunkbase via the “Contact Developer” option.
STEP 3: Easily restrict jQuery libraries older than v3.5. No Splunk restart needed!
Once all dashboards and apps have been updated, we recommend you test the updates by restricting the jQuery libraries older than v3.5 in a test environment before making the final restriction in your production instance. Restricting/Unrestricting older jQuery libraries does not require a Splunk restart. This capability has been introduced in Splunk Cloud Platform 8.2.2203 and will only be available in versions that support jQuery libraries older than v3.5. You can access this capability from Settings > Server Settings > Internal Library Settings.
Not All Heroes Wear Capes!
Check out how Splunk Admin Gregg Daly used tooling provided in the Splunk Platform to restrict older versions of jQuery to make his company’s Splunk instance more secure, here.
Help us make your Splunk instance more secure. Please ensure your Splunk Platform instance, dashboards, premium solutions, Splunkbase applications as well as private applications are upgraded.
Note: This information is subject to change at any time, at the sole discretion of Splunk Inc. and without notice.