jQuery 3.5.0

Balázs Bence

unread,

May 7, 2020, 9:59:37 AM5/7/20

to Google AJAX APIs

Hi,

Recently WhiteSource flagged a vulnerability in 3.4.1:

In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.

Can you add 3.5.0 to google hosted libraries?

https://ajax.googleapis.com/ajax/libs/jquery/3.5.0/jquery.min.js

Thanks,

Bence

Christian Oliff

unread,

May 7, 2020, 10:28:12 AM5/7/20

to Google AJAX APIs

FYI. jQuery 3.5.0 has a regression which breaks quite a few things. jQuery 3.5.1 is available now so that should be added too.

https://blog.jquery.com/2020/05/04/jquery-3-5-1-released-fixing-a-regression/

thanks,

Philipp Wollermann

unread,

May 7, 2020, 10:53:37 AM5/7/20

to Google AJAX APIs

Hi,

Thanks for bringing this up. I'll upload jQuery 3.5.0 and 3.5.1 today to our CDN.

Cheers,

Philipp

Balázs Bence

unread,

May 7, 2020, 11:25:03 AM5/7/20

to Google AJAX APIs

thanks,

Bence

Travis

unread,

May 7, 2020, 9:26:37 PM5/7/20

to Google AJAX APIs

It's updated on the hosted libraries page but the URL doesnt even work: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js

Reply all

Reply to author

Forward