In our product we are using Sling version 6 in one of our release.(Working on Migration to Sling 10 for next versions)
Recently we came across a security bug CVE-2015-9251.
To fix this an up-gradation of jQuery to versions greater than 3.0.0 is required.
In our product we are using two Sling dependencies which contains jQuery.
1) org.apache.sling.launchpad.webapp - v6 (war) - contains org.apache.felix.webconsole-3.1.6.jar which internally uses jQuery v1.3.2.js.
2) org.apache.sling.extensions.explorer - v1.0.3(jar) - contains jQuery v1.4.2.min.js
As part of the fix for the security bug we need to upgrade the jQuery in the jars that are mentioned above.
For that we checked the latest versions for the above mentioned jars and identified that the jQuery versions are not above v3.0.0.
So could you please help us in upgrading them as soon as possible.