Share via

Vulnerable and outdated Jquery and bootstrap version (Integrity)

Ismael González Briongos 1 Reputation point
2020-08-20T07:38:43.74+00:00

SSRS 2016 uses vulnerable Jquery 3.3.1 and Bootstrap 3.3.5.
A security assessment found that an attacker may use the vulnerable JavaScript framework version to perform malicious attacks.
Assessment suggestion for remediation is patching or update to the latest version of the Jquery. However, this might brake SSRS 2016.
Any other suggestions?

SQL Server Reporting Services
SQL Server Reporting Services
A SQL Server technology that supports the creation, management, and delivery of both traditional, paper-oriented reports and interactive, web-based reports.
2,940 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. ZoeHui-MSFT 37,671 Reputation points
    2020-08-21T03:23:03.72+00:00

    Hi,

    We could not make sure if the update to the latest version will brake SSRS or not.

    You may upgrade the versions in the test environment for a try.

    If it really brake SSRS,I suggest you submit the requirement at

    908035-sql-server

    If the requirement mentioned by customers for many times, the product team may consider to add this feature in the next SQL Server version. Your feedback is valuable for us to improve our products and increase the level of service provided.

    Regards,

    Zoe

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.