Google Calendar Sync

The jQuery 1.7.1 library, released in 2011, has critical vulnerabilities that pose security risks, primarily related to Cross-Site Scripting (XSS). Below are the main vulnerabilities and issues:

Main Vulnerabilities

XSS via jQuery(strInput) Function (CVE-2012-6708) - Issue: The jQuery(strInput) function fails to properly distinguish between HTML and selectors, allowing attackers to inject malicious scripts by exploiting the '<' character check. - Impact: Enables execution of arbitrary scripts, potentially stealing user data (e.g., cookies, session tokens). - Severity: Medium (CVSS: 6.1). - Fix: Upgrade to jQuery 1.9.0 or later (3.7.1 recommended). XSS via the load Method (CVE-2020-7656) - Issue: The load method does not correctly handle tags with whitespace (e.g., ), allowing script injection from untrusted sources. - Impact: Attackers can execute malicious scripts, compromising user sessions. - Severity: Medium. - Fix: Upgrade to jQuery 1.9.0 or later (3.7.1 recommended). Outdated Security Practices - Issue: jQuery 1.7.1 lacks modern XSS protections (e.g., stricter input validation, secure DOM manipulation) introduced in later versions. Vulnerable methods like .html(), .append(), or AJAX calls (e.g., $.get()) increase risks if used with untrusted inputs. - Impact: Higher attack surface due to unpatched vulnerabilities and deprecated features. - Fix: Upgrade to jQuery 3.7.1 for enhanced security and compliance with current standards.

What are the plans to use newest jQuery?