On Mon, Mar 20, 2023 at 12:02:35PM -0700, [email protected] wrote: > We have been notified by campus network authorities that our dspace server > is vulnerable because it is running outdated versions of jQuery. We are in > the process of creating a new dspace 7 server to replace this server, but > that will not happen in the short time that we have been given to fix this > vulnerability. > > How can we quickly upgrade jQuery on our server? Where can I find > instructions on updating the jQuery software in our xmlui in our instance > of dspace 5? Can our built process be modified to bring in more up to date > jQuery packages? > > EOL/Obsolete Software: jQuery 1.x and 2.x Detected > > - > > EOL Software:jQuery Version 1.x or 2.x Detected. > jquery/jquery-1.4.4.min.js
I don't know how much work is required to update to jQuery v3. Updating across two major releases might break a number of things. You'll find jQuery (and jQuery UI, which might need updating too) in various places. There is a copy of jQuery in 'dspace-xmlui/src/main/webapp/static/js' and another in 'dspace-oai/src/main/webapp/static/js'. Some XMLUI themes have their own copies (of various versions) typically at 'dspace-xmlui/src/main/webapp/themes/THEMENAME/lib`. You will also need to look for references to specific paths in the 'sitemap.xmap' for your theme, and update them to the new version. Replacing the '.js' file and updating the sitemap are the *minimum* that this task will require. If the newer version(s) break any of DSpace's usage, you'll need to fix those breakages. Reading the release notes for jQuery* v2 and v3 may help to focus on possible problems, but there will be a certain amount of "try updating the files and see what breaks." I can say that I've had very little trouble upgrading jQuery UI *within* major release 1, which may or may not be representative. I'm sorry that I don't have better news for you. -- Mark H. Wood Lead Technology Analyst University Library Indiana University - Purdue University Indianapolis 755 W. Michigan Street Indianapolis, IN 46202 317-274-0749 www.ulib.iupui.edu -- All messages to this mailing list should adhere to the Code of Conduct: https://www.lyrasis.org/about/Pages/Code-of-Conduct.aspx --- You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/ZBnHUlvzLoakK/uZ%40IUPUI.Edu.
signature.asc
Description: PGP signature
