Change jQuery version in Kentico bundle

Laura Frese asked on September 21, 2021 17:51

I am working with a Kentico 12 MVC site. The version of jQuery Kentico uses (3.3.0) has some security vulnerabilities. I removed that version of jQuery from /Kentico/Scripts and added 3.6.0 however this version is not being re-bundled so the bundle is still using 3.3.0. How do I get Kentico to rebuild the bundle with the new version of jQuery?

jquery bundle mvc

Correct Answer

Dmitry Bastron answered on September 22, 2021 07:51

Hi Laura,

Please check out this documentation guide (section Using jQuery scripts) and see if it helps.

0 votesVote for this answer Unmark Correct answer

Recent Answers

Juraj Ondrus answered on September 22, 2021 07:51

Do you have any proof of concept of the security issue? As far as I know, Kentico is not using the vulnerable code. Moreover, the scripts are used in the admin UI when loading page builder and so on - so, if the attacker is already in the admin UI...You can also report security issues to security@kentico.com directly.

0 votesVote for this answer Mark as a Correct answer

Laura Frese answered on September 23, 2021 16:09

This is the solution: By default, Kentico links two jQuery bundles required for the correct functioning of the page builder and its default components. The system jQuery version is 3.3.1. If you wish to use a different jQuery version (or link type) on your pages, you need to create your own bundle(s) with the corresponding path:

~/bundles/jquery ~/bundles/jquery-unobtrusive-ajax – bundle for using the jquery.unobtrusive-ajax.js JavaScript library (not to be confused with the jquery.validate.unobtrusive.js library) When you register a bundle with one of these paths, the corresponding system bundle will no longer be linked automatically. You need to link your custom jQuery bundle manually (either within the used layout or directly in the page's view) to ensure that the page builder works correctly.

0 votesVote for this answer Mark as a Correct answer