I’m a pentester and have conducted a security assessment on a web app which uses Yii 1.1 (and 2.0 for an API), and have identified that there’s a jQuery 1.11.2 library present. This is considered insecure as it’s outdated, but the application developers tell me that this jQuery library is packaged with the Yii Framework itself.
Does anyone know the purpose of this library and whether it can safely be removed without breaking application functionality (or, even better, if Yii can be forced to use an up-to-date jQuery library instead)?
Any answers gratefully received! As I say, I’m not a developer but rather a pentester, so my knowledge of the inner workings of Yii is far from extensive!