In order to reduce vulnerabilities and ensure your K2 solutions are secure, we have been working on updating all jQuery libraries used in the K2 platform, both runtime and design time. The jQuery version used in Nintex Automation (formerly known as K2 Five) and Nintex K2 Cloud has been upgraded to jQuery 3.7 and all jQuery libraries updated to reduce vulnerabilities and ensure your solutions are secure. All out of the box usage has been updated to mitigate security vulnerabilities and refactored to remove deprecated components and maximize compatibility with this jQuery version.
To minimize upgrade and backwards compatibility concerns with any custom controls or extensions created by customers or partners, we are releasing this work in stages.
In this first phase, we will release our updates alongside the jQuery migrate plugin. This will allow you to test your solutions and see any warnings in the browser console to help you see where you will need to replace your code for the latest updates. This should release as part of the 5.7 version in the middle of 2023, along with the K2 Cloud late 2023 release.
In the future, we will remove the migrate plugin to remove the remaining vulnerability. If you have not used any custom, community, or partner controls in your SmartForms, you should not be impacted. If you have extended SmartForms by injecting custom JS code that relies on jQuery libraries, you may be impacted.
For more information and code examples, please see the jQuery upgrade guide at https://jquery.com/upgrade-guide/3.0/ and our community article at https://community.nintex.com/automation-on-prem-57/jquery-upgrade-for-smartforms-59706.
NOTE: This information was sent out as an email tech bulletin on 6 June 2023. If you did not receive this email, check your spam filters or check with your Nintex account manager to ensure you are subscribed to communications from Nintex.
