Folks,
As part of our remediation activity for vulnerabilities reported during a pen test, one of the issues reported was "Outdated software may contain known vulnerabilities.", and it was suggested that we migrate jQuery from 1.6.3 to 3.3.1. We migrated jQuery using NuGet in our .NET environment. This has opened up a few issues, as below:
Issue 1:
Prior to migration, with jQuery 1.6.3 – In a web page, a user can select only one checkbox; when the user selects another checkbox, the already-checked one will be unchecked.
After migration to jQuery 3.3.1 – In a web page, a user is able to select multiple items in the checkbox. See the image below. We are experiencing this across browsers (IE, Edge, Chrome, Firefox).
Issue 2:
Prior to migration, with jQuery 1.6.3 – The Generate Report hyperlink was enabled in Firefox to view the reports.
After migration to jQuery 3.3.1 – The Generate Report hyperlink is disabled in Firefox to view the reports.
One of the suggestions from our peers is to keep the jQuery, as it is not extensively used in the application, which is why I raised the question.
My question:
1) Is it advisable to stay with jQuery 1.6.3? We have barricades for CSRF and XSS (persistent and reflected) attacks, and our application is well protected, running over HTTPS with HSTS and "X-XSS-Protection" in the header.