Are jQuery 1.x and 2.x officially end of life? #162
Comments
|
Yes, they're EOL. The issue template that appears when you open a new issue at https://github.com/jquery/jquery/issues contains the following text:
I assume you'd like to see something on the site as well. Do you have a suggestion where you'd want this info and how it should sound?
We don't give any guarantees for jQuery 1.x/2.x - they're officially unsupported - but if a serious vulnerability was detected (& sent to [email protected]) we might reconsider a patch. |
|
Thanks for the info.
A blog post or official announcement of some sort would be helpful. |
|
cc @timmywil |
|
We're going to add a note on the homepage that 1.x and 2.x no longer receive patches. |
|
Thanks...looking forward to it. |
|
Just curious for when we can expect this announcement to be made on the homepage. |
|
A PR is available to review at #163. |
|
Fixed by #163 |
The vendored jquery version was 1.9.1 from 2013-02-04. Let's replace it with the most recent one from the 1.x branch (1.12.4 from 2016-05-20). The modification in rjquery.js is needed because recent jQuery versions changed their behaviour, and do not set themselves on the global window object. See: parcel-bundler/parcel#333 (comment) This will be the lastest jQuery 1.x version ever, because 1.x branch is definitively EOLed (see jquery/jquery.com#162). This is a stopgap measure to get the latest security fixes. Going forward, another strategy will be needed. Closes #3640
I ask, because I can't find any official statement about ongoing patches or maintenance of the 1.x and 2.x series, except for this thread, where it seems to be declared:
jquery/jquery#2432 (comment)
If I interpret that correctly, the identified vulnerability will not get fixed in the 1.x or 2.x series of jQuery, and the official stance is to upgrade to 3.x. Is that correct?
The text was updated successfully, but these errors were encountered: