Older versions of jQuery may contain vulnerabilities that would allow the application to be compromised or unduly influenced. Therefore, Cornerstone will be upgrading its jQuery library from version 1.7 to 3.4 with the August '20 release. If an organization is ready to self-upgrade prior to August, they have the option to do so in Production by using the Enable JQuery 3.4 option on the jQuery Validation Tool page.
As part of the May '20 release, Pilot and Stage environments are auto-upgraded. We urge clients to test the jQuery Library 3.4 upgrade in Pilot and Stage to assess its impact. Following your testing, we strongly encourage you to consider upgrading in production prior to August ‘20 Release as this upgrade improves the overall security of your portal.
Cornerstone's upgrade of its jQuery library only updates standard core pages of the application. Custom code that clients have utilized will not be upgraded by Cornerstone as a result of this effort and thereby may contain vulnerabilities and errors produced by older versions of jQuery.
If you have custom developed pages or core areas utilizing custom code inserted via header and footers, you should use the jQuery validation tool, introduced in the October '19 Release, to generate a report of potential jQuery errors that need to be addressed. If these errors are not addressed prior to the May ’20 Release for Stage/Pilot and the August '20 Release for production environments, pages utilizing the custom code will not work as expected.
Following the jQuery Library 3.4 upgrade, users on an unsupported browser or operating system will not be able to navigate Cornerstone. Please see Cornerstone’s General Minimum Requirements for a full list of supported browsers. See General Minimum Requirements.
To access the jQuery Validation Tool, go to.
|PERMISSION NAME||PERMISSION DESCRIPTION||CATEGORY|
|jQuery Validation Tool - Manage||Grants ability to access and run the jQuery Validation Tool. This permission cannot be constrained. This is an administrator permission.||Core Administration|
Enable jQuery 3.4
Note: This option is only available in Production environments. jQuery 3.4 is automatically enabled in Stage and Pilot environments.
With the May 2020 release, Stage and Pilot environments are auto-upgraded from jQuery 1.7 to jQuery 3.4. This auto-upgrade will occur in Production environments with the August 2020 release, allowing organizations three additional months to prepare.
If an organization is ready to self-upgrade prior to August, they have the option to do so in Production.
To enable jQuery 3.4 in a Production portal, select the Enable jQuery 3.4 option, and select the button.
If your organization is using a custom login page, it may take up to one month before jQuery 3.4 is reflected on the custom login page. If your organization is using a custom login page and would like jQuery 3.4 immediately reflected on the custom login page, please contact Global Product Support.
Understanding the potential impact a jQuery library upgrade can have on clients' customizations, Cornerstone has built a validation tool that will generate a report to help clients test the versions of jQuery used in their custom code in their portals. Once initiated, this back-end process scans through custom jQuery entered on custom developed areas of the application and generates a report of errors which identify potential fixes that need to be implemented. This tool is a guideline for identification purposes only. It does not guarantee that all potential errors will be identified nor does it handle any of the updating of the jQuery versioning. Cornerstone will not be able to provide support on fixing custom code and recommends that impacted clients consult with a qualified engineer to review all custom code to ensure compatibility with jQuery version 3.4 before Cornerstone updates its jQuery library.
Administrators can run the tool, and the tool will scan custom jQuery on custom-developed areas. The tool generates a report of potential areas that need to be addressed. Once the report is generated, administrators may download the report from the Reports section of the page. The tool may only be run once every 24 hours. Depending on the number of custom scripts in a portal, the report may take up to 24 hours to complete.
Please note, the jQuery tool is only a helpful guideline - it is not guaranteed to detect 100% of all outdated custom jQuery. It is strongly recommended that in addition to utilizing the tool, organizations review all custom code for any other outdated jQuery prior to the May '20 release for stage/pilot and the August '20 Release for production environments.
Listed are helpful links for developers updating the jQuery in your custom development
- Cornerstone's jQuery Migration Guide: https://click.cornerstoneondemand.com/p0f00P6ikR0r1YXDjk0UVz0
- jQuery Core 1.9 Upgrade Guide: https://jquery.com/upgrade-guide/1.9/
- jQuery Migrate: Migrate older jQuery code to jQuery 1.9+: https://github.com/jquery/jquery-migrate/tree/1.x-stable#readme
- jQuery Core 3.0 Upgrade Guide: https://jquery.com/upgrade-guide/3.0/
- jQuery Migrate: https://github.com/jquery/jquery-migrate/