Make Your App More Secure By Updating to jQuery® Version 3.5 or Newer

Certain Splunk apps have historically required jQuery libraries to function. jQuery is a JavaScript® library that makes it easier to write JavaScript compatible with many web browsers.

Many of those apps are written using jQuery 2.x and older, bundled with Splunk Enterprise and Splunk Cloud. We’re moving to support only jQuery 3.5+ as jQuery 1 and jQuery 2 will be end-of-life soon.

Reasons to Migrate to jQuery 3.5 or Newer

Upgrading to the latest version of jQuery makes your app more secure by fixing all XSS (cross site scripting attacks) related vulnerabilities as well as vulnerabilities created by native object prototypes. 

The upgraded version would potentially also improve app performance because of faster script execution time and loading time. Read more on jQuery's blog, here.

We're aware of how important this is to you and are going to do the right thing.

As we plan and engineer this change, Splunk is committed to:

• Maintaining the stability and security of Splunk software installations and the Splunk platform
• Providing sufficient, but not unlimited, time for our customers and developer community to transition
• Producing guidance and recommended practices for making the change in your environment
   

What You Need To Do Next 

• Assess your jQuery dependencies in the packaged libraries and if any file uses jQuery libraries from the internal Splunk library. Best practice going forward is to package all of your app’s dependencies in the app itself
• Evaluate how this change will impact your business
• Organize to migrate to jQuery to v3.5 or newer 
• Watch this space for next steps on how to execute the migration
• Contact us by email at jquery3.5-upgrade@splunk.com or at community.splunk.com with your questions or if you’re interested in providing feedback
   

----------------------------------------------------
Thanks!
Vidhi Agrawal