PCI-DSS vulnerability scan fails on jquery.min.js

We have just had to have a PCI-DSS scan of our servers and they picked up on LibreNMS running a very old version of the jquery.min.js file in the /html/js folder (version 1.10.2)

However looking at the Librenms change log I see for v1.64 the following entry - Bump jquery from 3.4.1 to 3.5.0, but checking the git repo 1.10.2 is the latest file (and matches what is on our server).

Am I doing something stupid, or is the current version for librenms still 1.10.2 and can I manually update it with out breaking things?

thanks, Mark

Hi,
thanks for the hint.
Pull request to update jquery is out

many thanks for the response - copied in 3.5.1 manually and it seems to work OK (touch wood!) - now on to resolving the other issues that were reported, none of which were for LibreNMS

update on this - although 3.5.1 seemed to work a couple of days ago I started having issues where graphs were not being displayed - go into a device,select ports and no graphs would show.
Reverting back to the original version of jquery.min.js immediately fixed the issue

could you tell me what to fix where? so i can add it on to the pull request

the behaviour seems odd - any graphs you add to a dashboard appear correctly, so do the ones that pop up if you hover over a device name in the device list, also it you go into a device the small graphs at the top appear OK.

But if you click on any graph displayed on the dashboard, the small graphs are missing along with the main graph. If you go into a device and choose ports, graphs, health etc all the graphs there are missing.

Tried in Chrome and Internet Explorer with the same results - unfortunately no error messages are generated either on the server or the browser and my dev skills are somewhere in the minimal to none range :frowning: