Outdated jQuery Packaged With Yii Framework

Hi all

I’m a pentester and have conducted a security assessment on a web app which uses Yii 1.1 (and 2.0 for an API) and have identified that there’s a jQuery 1.11.2 library present. This is considered insecure as it’s outdated, but the application developers tell me that this jQuery library is packaged with the Yii Framework itself.

Does anyone know the purpose of this library and whether it can safely be removed without breaking application functionality (or even better if Yii can be forced to use an up-to-date jQuery library instead)?

Any answers gratefully received! As I say I’m not a developer but rather a pentester so my knowledge of the inner workings of Yii is far from extensive! 🙂

The jQuery bundled in the framework was updated a year ago. I suggest updating the Yii 1.1 framework used in the project; it should also update jQuery.

Recent discussion
https://forum.yiiframework.com/t/updated-version-of-jquery-soon/133620

Thanks gents, I’ve advised the application developers to update the Yii Framework itself. Advice appreciated! 🙂