V11.24.25 jquery vulnerabilities

Question

Hi Community.Our Riskassessment Team found some Issues with jQuery on our ContentMailSever/Exchange Online Access Systems. It seems they are using the jQuery Version 1.9.1 and it gets flagged for being EOL.All our installed Clients are on V11.24.25 and also have the Hotfix for the log4j Issue.Is there any timeline for replace the old jQuery Version in V11.24.x or do we need to update to V11.25 or even V11.26?Or is there a supported way, to replace the libs manually?

Mike Struening RETIRED · Accepted Answer

Sharing case solution:The Diag has to be installed on all the exchange mailbox access nodes.Minimum version 11.24.25Summary Upgrade jquery version for content store mail serverApplicable-packages ExchangeDatabaseiDataAgentLink [Expiry: 01/22/2022] UpdateBundle_Build1108123_Form3993The hotfix updated the jQuery Library. The new security report doesn't show it anymore.

Mike Struening RETIRED · Answer

@ADN GMBH, I looked and found thatWinX64_11.0.0B80-SP24_SP24-HotFix-457 replaced the 1.x version:Update jquery library for mail server dashboard since old jquery version(1.x) not supported.It’s possible this file is on the server, but not loaded.I would suggest opening a support case so they can track this down and confirm I am correct (and get an update to remove the old version altogether.Share the case number once you do.

V11.24.25 jquery vulnerabilities

4 replies

Incident 211220-187

Reply

Incident 211220-187

Reply

Sign up

Login to the community

Scanning file for viruses.

This file cannot be downloaded