Hello Omeka Community,
I’ve been trying to find out the versions of jQuery and Modernizr bundled with Omeka Classic and noticed the following (I might be wrong here):
-
Omeka Classic 3.2:
- jQuery: 3.6.0?
- Modernizr: 2.8.3?
-
Omeka Classic 3.1.2:
- jQuery: 3.6.0?
- Modernizr: 2.8.3?
So, both versions use the same libraries? It appears the latest official releases are:
- jQuery: 3.7.1 (stable)
- Modernizr: 3.13.1
This might mean that Omeka Classic is slightly behind on jQuery and significantly behind on Modernizr (which hasn’t been updated in Omeka for a long time).
Questions:
- Is there any official guidance or roadmap for updating these libraries in Omeka Classic?
- Has anyone successfully upgraded jQuery to 3.7.x or Modernizr to 3.x in Omeka Classic?
- Are there known compatibility issues or best practices for doing this safely without breaking themes/plugins?
Any advice or experiences would be greatly appreciated!
We didn’t make any changes to versions of jQuery or Modernizr in the 3.2 release, or in quite some time.
Are you looking to update them just to update them, or for a specific reason?
Thanks for confirming there haven’t been recent changes.
My goal is to reduce potential future risk exposure while keeping themes/plugins stable. I’m trying to understand and anticipate security hardening and compatibility considerations:
jQuery
- Past XSS issues (CVE‑2020‑11022 / CVE‑2020‑11023) were fixed in 3.5.0 and later added to CISA’s Known Exploited Vulnerabilities list—so staying current reduces exposure as new advisories surface.
- Omeka Classic ships jQuery 3.6.0 (includes the 3.5.0 fixes), while the latest stable is 3.7.1 with additional fixes/improvements.
Sources:
Modernizr
- Omeka Classic bundles 2.8.3; the current line is 3.13.1 (2024).
- Being on the maintained 3.x branch aligns with OWASP’s guidance to avoid vulnerable/outdated components; Snyk currently shows no direct vulnerabilities for 3.13.1.
Sources:
Questions
- Would you consider bumping jQuery to 3.7.x in a future Classic release?
- Are there known blockers to moving Modernizr 2.8.3 → 3.x in core (API/test changes, theme/plugin impacts)?
- Interim: is it recommended to override jQuery at the theme level (given 3.2 notes that theme.useInternalAssets applies to jQuery/jQuery UI)? Reference: Omeka Classic 3.2 release notes
There shouldn’t be any issue with us updating jQuery in the core, sure.
On Modernizr, I’d be more likely to just take it out. We don’t really use it for much if anything anymore. Just having your theme not load it is probably a better move unless you really need it.
You can override either of them in your theme if you want.
Thanks for confirming the jQuery update is fine for the core. Regarding Modernizr, removing it sounds reasonable if it’s no longer being used meaningfully.
Just to clarify — do you have a timeline in mind for when these updates (jQuery and Modernizr) will be made? Knowing that would help with planning any theme-level overrides or compatibility checks.
Also, are there any specific versions of jQuery you’re targeting for the update?