Is “sharedhovercard.js” part of SharePoint's default installation?
Pregunta
I've been alerted that a security scan found a vulnerability in one of our SharePoint farms that there is an out of date version of jQuery (which presents a security risk).
The file in question is located at:
https://<server>/_layouts/15/sharedhovercard.js
Inspection of the file reveals a comment inside it that reads:
/*! jQuery v1.7.2 jquery.com */
which I believe is what the security scan found.
Other people have also been reporting this same issue:
https://techcommunity.microsoft.com/t5/sharepoint/out-of-date-version-jquery/m-p/1663933
Clearly, a comment inside a .js
file referencing a specific jQuery version does not necessarily mean that that version of jQuery is being used anywhere, but even so, I started wondering about that file.
The location (directly in /_layouts/15
) is not somewhere that I would put anything custom that I deployed, even if it were a Farm solution and I was deploying files to the _layouts
folder. It seems like somewhere that some file included by Microsoft as part of the regular installation of SharePoint might end up, however, I've been working with SharePoint for a while and I've never heard of sharedhovercard.js
.
Is that a file that is included with a regular installation of SharePoint?
Solución
Otros consejos
Is “sharedhovercard.js” part of SharePoint's default installation?
It's not a part of the default SharePoint 2013 Installation, and this file is not found on my side!
Also, I have checked the physical layout path, I can't find it!
C:\Program Files\Common Files\microsoft shared\Web Server Extensions\15\TEMPLATE\LAYOUTS
It would be also great to share the current SharePoint version and the latest Cumulative update that is currently installed (check how you can Find SharePoint Farm Build Version). So that we can investigate further.