Upgrade Your Splunk Instance to jQuery 3.5 in Three Simple Steps

At Splunk, we focus continuously on the security of the Splunk Platform. As part of that effort we announced the deprecation of libraries older than jQuery v3.5 in early 2021. These changes will enhance the security of the product and will require some actions from you to update Classic (Simple XML) dashboards, HTML dashboards, applications installed from Splunkbase, and private applications (read more here: "Overview of the jQuery 3.5 upgrade - Splunk Documentation"). Starting in the second half of calendar year 2022, we plan to remove support for jQuery libraries older than v3.5 in new versions of Splunk Platform.
Your ACTION IS REQUIRED to prepare for removal of older jQuery libraries.
STEP 1: Update your Classic (Simple XML) and HTML Dashboards
1a. Update Classic (Simple XML) dashboards that use jQuery libraries prior to v3.5
Because jQuery libraries affect Simple XML dashboards with custom JavaScript, dashboard versioning has been introduced starting in Splunk Cloud Platform v8.2.2105.2 and Splunk Enterprise 8.2.5.
Simple XML Dashboard version = 1.0 | Dashboards load with older versions of jQuery |
Simple XML Dashboard version = 1.1 | Dashboards load with jQuery 3.5 |
Admins need to work with dashboard owners to update Simple XML dashboards to v1.1.
As a Splunk Admin, you can check the jQuery Upgrade dashboard to see which dashboards are affected. To open the jQuery Upgrade dashboard, open the Search & Reporting App and select Dashboards > jQuery Upgrade Dashboard.
1b. HTML dashboards have been deprecated and can be rebuilt in one of the following ways.
- I. Rebuild your HTML dashboards in Dashboard Studio. Dashboards created or rebuilt in Dashboard Studio don't need updates for jQuery 3.5.
For more information about Dashboard Studio, see What is the Splunk Dashboard Studio? in the Splunk Dashboard Studio manual. - II. If Dashboard Studio is insufficient to replicate the functionality of your HTML dashboards, rebuild any remaining HTML dashboards as Classic (Simple XML) dashboards with custom JavaScript. Ensure that your new Simple XML dashboards rely on jQuery 3.5 or higher.
For more information about building Simple XML dashboards, see Modify dashboards using Simple XML extensions. - III. If you cannot replicate your HTML dashboards with either Dashboard Studio or a Simple XML dashboard with custom JavaScript, you can write a single-page application (SPA) and fully package it with all of its dependencies. For more information on how to do this, see Update to jQuery 3.5 | Documentation | Splunk Developer Program
NOTE: Do not update Classic (Simple XML) or HTML dashboards that are provided by a third party app developer. App developers will be required to update their apps and dashboards. You will only need to update Classic (Simple XML) or HTML dashboards that were created by end users in your organization.
STEP 2: Update public and private apps that use jQuery libraries prior to v3.5
Please ensure that you update all business critical Splunkbase and private applications in time for removal of older jQuery libraries. You may also review the jQuery Scan section in the Upgrade Readiness App, which has been introduced starting in Splunk Cloud Platform v8.2.2109 and Splunk Enterprise 8.2.5 to see which Splunkbase or private apps require an update. It is the third party app developer’s responsibility to ensure their applications are updated with jQuery v3.5. If you are worried the app will not be updated, you may try contacting the application owner through the app page on Splunkbase via the “Contact Developer” option.
STEP 3: Easily restrict jQuery libraries older than v3.5. No Splunk restart needed!
Once all dashboards and apps have been updated, we recommend you test the updates by restricting the jQuery libraries older than v3.5 in a test environment before making the final restriction in your production instance. Restricting/Unrestricting older jQuery libraries does not require a Splunk restart. This capability has been introduced in Splunk Cloud Platform 8.2.2203 and will only be available in versions that support jQuery libraries older than v3.5. You can access this capability from Settings > Server Settings > Internal Library Settings.
Please also see our jQuery 3.5 Upgrade Manual with detailed guidance for admins.
Not All Heroes Wear Capes!
Check out how Splunk Admin Gregg Daly used tooling provided in the Splunk Platform to restrict older versions of jQuery to make his company’s Splunk instance more secure, here.
Help us make your Splunk instance more secure. Please ensure your Splunk Platform instance, dashboards, premium solutions, Splunkbase applications as well as private applications are upgraded.
Note: This information is subject to change at any time, at the sole discretion of Splunk LLC and without notice.
----------------------------------------------------
Thanks!
Vidhi Agrawal
Related Articles
About Splunk
The world’s leading organizations rely on Splunk, a Cisco company, to continuously strengthen digital resilience with our unified security and observability platform, powered by industry-leading AI.
Our customers trust Splunk’s award-winning security and observability solutions to secure and improve the reliability of their complex digital environments, at any scale.