Page 1 of 1

Is there a particular reason for old jQuery version? Safe to replace?

Posted: Sun Feb 18, 2018 6:01 pm
by digitaltoast
While poking around, I notice that even the latest 3.2.2 download contains jQuery 1.11.9 from January 24, 2014.
The current version of jQuery is 3.3.

I'm happy to just go ahead and drop in the latest version, but is it likely to break anything?

Yes, I know the obvious answer is "why don't you just try it", but jQuery is used in so many places... I was just wondering if there was a good reason for the 4 year old version, or whether updating it had just slipped by (and if so, should I file a ticket as a reminder for next version?).

Thanks.

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Tue Feb 20, 2018 4:46 pm
by Sajaki
Interesting question, i just noticed it now too.

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Tue Feb 20, 2018 7:06 pm
by david63
I might be wrong here but I think I read somewhere that some of the JQuery code that is in use with phpBB is incompatible with later versions and needs to be re worked. Also if phpBB does not need any of the new features in JQuery then there is little need to upgrade it - although that may not necessarily be true with some extensions.

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Thu May 17, 2018 5:39 am
by primehalo
In the assests/javascript/core.js file they use $(window).load(phpbb.lazyLoadAvatars) and that .load() was removed from Jquery 3, but it was always just a shortcut for .on('load', fn) anyways so that one is easy to fix.

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Thu Dec 06, 2018 5:55 pm
by Lon2
Any new developments on updating the included jQuery@1.11.0 on 3.2.4 to something newer/safe?

From my Google Audit:
Includes front-end JavaScript libraries with known security vulnerabilities
1 vulnerability detected
Some third-party scripts may contain known security vulnerabilities that are easily identified and exploited by attackers. Learn more.
Library Version
Vulnerability Count
Highest Severity
jQuery@1.11.0
Any help would be appreciated!

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Thu Dec 06, 2018 7:04 pm
by david63
I doubt that jQuery will be updated before phpBB 3.3 and it may even be replaced with another framework.

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Thu Dec 06, 2018 7:07 pm
by 3Di
Well, if for security reasons it should. The Devs will see that I guess.

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Thu Dec 06, 2018 7:14 pm
by david63
If there is a known security issue then it should be posted in the bug tracker

Re: Is there a particular reason for old jQuery version? Safe to replace?

Posted: Thu Dec 06, 2018 7:20 pm
by 3Di
Agreed.