Dear Martin I actually configured with jQuery version 3 on Application, and on browser console showed jquery version with 3.6.0. But the scanner still find this url [https://mysite/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v-6233386130326534.js] appears. I know this resource is generated automatically by Wicket 8.13.0 (our project), and I don’t want this url resource be retrieved by scanner. How to do that?
From: Martin Grigorov <mgrigo...@apache.org> Date: Wednesday, October 20, 2021 at 14:17 To: users@wicket.apache.org <users@wicket.apache.org> Subject: Re: About jQuery 2.2.4 vulnerability Hi, On Wed, Oct 20, 2021 at 5:46 AM Shengche Hsiao <shengchehs...@gmail.com> wrote: > Dear All > > Recently, our website made a vulnerability scanning. The report shows > [/wicket/resource/org.apache.wicket.resource.JQueryResourceReference/jquery/jquery-2.2.4-v- > 6233386130326534.js] as a vulnerability library. How do I disallow output > this jquery version to avoid scan? > I don't understand your question. Please re-phrase if the following does not help you! You can upgrade jQuery by adding such code to YourApplication#init(): getJavaScriptLibrarySettings().setJQueryReference(new JavaScriptResourceReference(MyClass.class, "jquery-x.y.z.js")); you could use org.apache.wicket.resource.JQueryResourceReference#INSTANCE_3, for example > > Thanks >