At Splunk, we continuously focus on the security of Splunk Enterprise. As part of that effort, we announced the deprecation of libraries older than jQuery v3.5 in early 2021. Starting in the second half of calendar year 2022, we plan to remove support for jQuery libraries older than v3.5 in new versions of Splunk Enterprise.
These changes will enhance the security of your product. However, they require action from you to update Classic (Simple XML) dashboards, HTML dashboards, applications installed from Splunkbase, and private applications.
Step 1: Update your classic (simple XML) and HTML dashboards
Update Classic (Simple XML) dashboards that use jQuery libraries prior to v3.5
- Simple XML Dashboard version 1.0
  - Dashboards load with older versions of jQuery
- Simple XML Dashboard version 1.1
  - Dashboards load with jQuery 3.5
Admins will need to work with dashboard owners to update simple XML dashboards to v1.1.
As a Splunk Admin, you can check the jQuery Upgrade dashboard to see which dashboards are affected. To open the jQuery Upgrade dashboard, open the Search & Reporting App, click Dashboards, and then click jQuery Upgrade Dashboard.
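A quick way to triage exported dashboard sources before asking owners to update them, as an added example that is not Splunk's code. It assumes the dashboard version is carried in the `version` attribute of the `<dashboard>` or `<form>` root element, that a missing attribute means version 1.0, and that custom JavaScript is listed in the root's `script` attribute; the sample dashboards and the helper names `classify` and `needs_update` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample dashboard sources (not from any real app).
SAMPLES = {
    "legacy_no_version.xml": "<dashboard><label>Old</label></dashboard>",
    "legacy_form.xml": '<form version="1.0" script="custom.js, tabs.js"><label>F</label></form>',
    "updated.xml": '<dashboard version="1.1"><label>New</label></dashboard>',
    "broken.xml": '<dashboard version="1.1"><label>oops</dashboard>',
    "with_dtd.xml": '<!DOCTYPE d [<!ENTITY a "x">]><dashboard version="1.1"/>',
}

SIMPLE_XML_ROOTS = {"dashboard", "form"}


def classify(xml_text):
    """Return (status, detail) for one Simple XML source string."""
    # Simple XML needs no DTD; refuse it rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return "rejected", "DTD or entity declaration present"
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return "unparseable", str(exc)
    if root.tag not in SIMPLE_XML_ROOTS:
        return "not-simple-xml", root.tag
    # Assumption: a missing version attribute means version 1.0.
    version = root.get("version", "1.0").strip()
    # Custom JS listed here should be retested against jQuery 3.5.
    scripts = [s.strip() for s in root.get("script", "").split(",") if s.strip()]
    status = "updated" if version == "1.1" else "needs-update"
    return status, {"version": version, "custom_scripts": scripts}


def needs_update(sources):
    """Names of dashboards that would still load older jQuery, sorted."""
    return sorted(n for n, x in sources.items() if classify(x)[0] == "needs-update")


if __name__ == "__main__":
    for name, text in sorted(SAMPLES.items()):
        print(name, *classify(text))
```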
Rebuild HTML dashboards
HTML dashboards have been deprecated. You can rebuild them in one of the following ways:
- Rebuild your HTML dashboards in Dashboard Studio. Dashboards created or rebuilt in Dashboard Studio don't need updates for jQuery 3.5. For more information about Dashboard Studio, see What is the Splunk Dashboard Studio?
Do not update classic (simple XML) or HTML dashboards that are provided by a third-party app developer. App developers will be required to update their apps and dashboards. You only need to update classic (simple XML) or HTML dashboards that were created by end users in your organization.
Step 2: Update public and private apps that use jQuery libraries prior to v3.5
Make sure that you update all business-critical Splunkbase and private applications in time for the removal of older jQuery libraries. You should also review the jQuery Scan section in the Upgrade Readiness App, which was introduced in Splunk Cloud Platform v8.2.2109, to see which Splunkbase or private apps require an update.
For third-party apps, it is the app developer’s responsibility to ensure their applications are updated with jQuery v3.5. If you are unsure if a third-party app will be updated, you can contact the application owner through the app page on Splunkbase via the Contact Developer option.
Step 3: Restrict jQuery libraries older than v3.5
After you have updated all dashboards and apps, we recommend that you test the updates by restricting the jQuery libraries older than v3.5 in a test environment before making the final restriction in your production instance. Restricting or unrestricting older jQuery libraries does not require a Splunk restart. This capability was introduced in Splunk Enterprise 9.0 and is only available in versions that support jQuery libraries older than v3.5.
You can access this capability from Settings > Server Settings > Internal Library Settings.
Help us make your Splunk instance more secure. Please ensure your Splunk Enterprise instance, dashboards, premium solutions, Splunkbase applications, and private applications are upgraded.
Not all heroes wear capes!
Check out how Splunk Admin Gregg Daly used tooling provided in the Splunk Platform to restrict older versions of jQuery to make his company’s Splunk instance more secure.