softwares (Weblogic, a supplier app, mobile app): quite a number
of XSS vulnerabilities were found by our pentester.
One app vendor replied that updating (ie patching) or upgrading
jQuery may destabilize their app? So are we supposed to wait
for these vendors to release their next release app so as to
bundle in newer & patched jQuery or we can get the patches/
updates from Oracle & just update/patch it?? Or by doing so,
we'll lose the support of the app vendor?
In the case of Weblogic 126.96.36.199, jQuery ver 3.2 is bundled.
Since both Weblogic & jQuery are from Oracle, is it supported
if we just update jQuery (or there's no patch/update ie we
just have to upgrade jQuery to ver 3.3 or 3.4)?