SonarQube uses jquery.2.2.4.min.js -- known CVE Issues - Update >= v3.5.0

Vulnerability scanners report our servers having a vulnerability due to the jquery.2.2.4 embedded version. We must mitigate this and update to at least version 3.5.0.

Sample path:

Please provide a patch or instructions on how we might temporarily replace/update locally, if possible. If unable to provide this, please provide an anticipated roadmap/timeline for remediation.

Hi @kirkpabk.

We do not use jQuery in SonarQube. You may have installed a third-party plugin that does so. Please contact them directly.

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.