Skip to main content
Solved

V11.24.25 jquery vulnerabilities

  • December 16, 2021
  • 4 replies
  • 232 views

Forum|alt.badge.img+6

Hi Community.

Our Riskassessment Team found some Issues with jQuery on our ContentMailSever/Exchange Online Access Systems. It seems they are using the jQuery Version 1.9.1 and it gets flagged for being EOL.

All our installed Clients are on V11.24.25 and also have the Hotfix for the log4j Issue.
Is there any timeline for replace the old jQuery Version in V11.24.x or do we need to update to V11.25 or even V11.26?

Or is there a supported way, to replace the libs manually?

Best answer by Mike Struening RETIRED

Sharing case solution:

The Diag has to be installed on all the exchange mailbox access nodes.

Minimum version 11.24.25
Summary Upgrade jquery version for content store mail server
Applicable-packages ExchangeDatabaseiDataAgent
Link [Expiry: 01/22/2022] UpdateBundle_Build1108123_Form3993



The hotfix updated the jQuery Library. The new security report doesn't show it anymore.

View original
Did this answer your question?

4 replies

Mike Struening
Vaulter
Forum|alt.badge.img+23

Hi @ADN GMBH , hope all is well!

Let me look into that one and get back to you.  I’m keenly aware of the details regarding log4j, but not the jQuery concern.


Mike Struening
Vaulter
Forum|alt.badge.img+23

@ADN GMBH , I looked and found that WinX64_11.0.0B80-SP24_SP24-HotFix-457 replaced the 1.x version:

Update jquery library for mail server dashboard since old jquery version(1.x) not supported.

It’s possible this file is on the server, but not loaded.

I would suggest opening a support case so they can track this down and confirm I am correct (and get an update to remove the old version altogether.

Share the case number once you do.


Forum|alt.badge.img+6
  • Author
  • Byte
  • 20 replies
  • December 20, 2021

Hi Mike,

 

hope you are doing well, too.

We opened a ticket to get support to take a look.

 

Incident 211220-187


Mike Struening
Vaulter
Forum|alt.badge.img+23

Sharing case solution:

The Diag has to be installed on all the exchange mailbox access nodes.

Minimum version 11.24.25
Summary Upgrade jquery version for content store mail server
Applicable-packages ExchangeDatabaseiDataAgent
Link [Expiry: 01/22/2022] UpdateBundle_Build1108123_Form3993



The hotfix updated the jQuery Library. The new security report doesn't show it anymore.


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings