Is it possible to upgrade JQuery 3.2.1 to a more recent version in 8.0.1?
Thanks for your question.
The only way to upgrade jQuery is to upgrade Yellowfin due to syntactical changes within the code. Unfortunately, there is no way to upgrade jQuery independently.
Can I understand the reason behind this question?
It was reported that there were some vulnerabilities in 3.2.1 and the solution provided was to upgrade JQuery to a later version.
Not sure what constitute upgrading, say between 3.2.1 to 3.4 or 3.5, as to whether it is a minor or a major change, but as long as you can confirm that is not possible, then that would settle this case.
Otherwise, how would we circumvent these in YF?
That's if 8.01 is affected. Any chance you can find out?
I can confirm that jQuery is something that cannot be upgraded independently.
This vulnerability has been assessed, and it has been determined that we are not affected in current versions of Yellowfin. This wouldn't necessarily relate to the version of 8 that you are on, where the test was conducted using 8.0.5 and 9.2 which uses jQuery 3.4.1. I would say that if you are concerned about this vulnerability, upgrading Yellowfin is your only option.
Let me know if there is anything else I can clarify.
Thanks for confirming.
Since the only solution would be to upgrade, then the question remains, is 8.01 affected by these listed vulnerabilities as it uses JQuery 3.2.1?
If it isn't, then there would be no point to upgrade.
I'm honestly not sure, and I don't have the knowledge/tools to run these kinds of security tests. I can make contact with our Security Team later and see if they're able to shed some light on this. I'll get back to you once I hear from them.
Sure. That would be much appreciated if you could.
I've just received confirmation that the security tests performed regarding this issue also show that the version of jQuery you are using in 8.0.1 is not affected.
If you have any further questions, please don't hesitate to reach out. Otherwise, I will go ahead and mark this as answered.
Thanks for your support Simon.
Comments have been locked on this page!