The latest jQuery 3.5.0 release has been announced for general availability and comes with a crucial XSS security fix.
This release is available over the official CDN and the npm package manager.
Some of the highlights with this release include the deprecation of positional selectors which will be removed in jQuery 4.0. The last two methods,
.odd() have been added to replace the
:odd selectors making it ripe for removal in the future release.
With this release, you can now add a context to
jQuery.globalEval which fixes an execution bug in iframes.
The main security fix that comes with this jQuery 3.5.0 release fixes a cross-site scripting (XSS) vulnerability. This fix fixes a regex in the
jQuery.htmlPrefilter method which was designed to ensure that all closing tags were XHTML-compliant when passed to methods.
More information about this security fix, new features, and what’s deprecated can be found here.
You can get the jQuery 3.5.0 release files from the official jQuery CDN or simply link directly to them. That includes the slim build versions.
https://code.jquery.com/jquery-3.5.0.js https://code.jquery.com/jquery-3.5.0.min.js https://code.jquery.com/jquery-3.5.0.slim.js https://code.jquery.com/jquery-3.5.0.slim.min.js
If you prefer npm you can get it from here:
npm install [email protected]
The files can be downloaded into your projects from here.