jQuery 3.5.0

14 views
Skip to first unread message

Balázs Bence

unread,
May 7, 2020, 9:59:37 AM5/7/20
to Google AJAX APIs
Hi,

Recently WhiteSource flagged a vulnerability in 3.4.1:

        In jQuery before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.


Can you add 3.5.0 to google hosted libraries?


Thanks, 

Bence



Christian Oliff

unread,
May 7, 2020, 10:28:12 AM5/7/20
to Google AJAX APIs
FYI. jQuery 3.5.0 has a regression which breaks quite a few things. jQuery 3.5.1 is available now so that should be added too.


 thanks,

Philipp Wollermann

unread,
May 7, 2020, 10:53:37 AM5/7/20
to Google AJAX APIs
Hi,

Thanks for bringing this up. I'll upload jQuery 3.5.0 and 3.5.1 today to our CDN.

Cheers,
Philipp

Balázs Bence

unread,
May 7, 2020, 11:25:03 AM5/7/20
to Google AJAX APIs
thanks,

Bence

Travis

unread,
May 7, 2020, 9:26:37 PM5/7/20
to Google AJAX APIs
It's updated on the hosted libraries page but the URL doesnt even work: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Reply all
Reply to author
Forward
0 new messages