The latest jQuery 3.5.0 release has been announced for general availability and comes with a crucial XSS security fix.
This release is available over the official CDN and the npm package manager.
Some of the highlights with this release include the deprecation of positional selectors which will be removed in jQuery 4.0. The last two methods,
.odd() have been added to replace the
:odd selectors making it ripe for removal in the future release.
With this release, you can now add a context to
jQuery.globalEval which fixes an execution In computing technology, a bug is an unintentional coding error in a computer application program, hardware device or operating system. Bugs can typically cause annoying computer glitches, or cause more serious problems including life-threatening situations. In 2018 and 2019 a bug in the sensor on the Boeing 737 Max caused Lion Air Flight 610 and Ethiopian Airlines Flight 302 to... More in iframes.
The main security fix that comes with this jQuery 3.5.0 release fixes a cross-site scripting (XSS) vulnerability. This fix fixes a regex in the
jQuery.htmlPrefilter method which was designed to ensure that all closing tags were XHTML-compliant when passed to methods.
More information about this security fix, new features, and what’s deprecated can be found here.
You can get the jQuery 3.5.0 release files from the official jQuery CDN or simply link directly to them. That includes the slim build versions.
https://code.jquery.com/jquery-3.5.0.js https://code.jquery.com/jquery-3.5.0.min.js https://code.jquery.com/jquery-3.5.0.slim.js https://code.jquery.com/jquery-3.5.0.slim.min.js
If you prefer npm you can get it from here:
npm install [email protected]
The files can be downloaded into your projects from here.