Control access to jQuery and other internal libraries

The Splunk platform includes internal software libraries that are maintained and deprecated on an ongoing basis to protect your data and applications. Beginning in Splunk Cloud Platform 8.2.2203 and Splunk Enterprise 9.0 and higher, you can directly control access in your deployment to older versions of jQuery and unsupported hotlinked imports that ship with the Splunk platform. You can toggle freely between allowing or restricting access to different internal libraries as your organizational needs change.

Restricting access to deprecated libraries might introduce breaking changes to dashboards and private and public applications in your Splunk platform instance. While restricting access might lead to breaking changes, restricting access to deprecated libraries and imports is the best way to help keep your Splunk platform instance more secure. In many cases, you can upgrade your dashboards and applications to avoid relying on deprecated libraries and keep your instance more secure while also avoiding breaking changes.

These settings apply only to libraries that are shipped with the Splunk platform, not to libraries that are shipped with applications.

Restrict access to older versions of jQuery

Complete the following steps to restrict access to older versions of jQuery and ensure that restricting access does not cause breaking changes in your deployment. As a best practice, complete these steps in a test instance before deploying your changes.

1. Determine if any apps in your deployment rely on older versions of jQuery. To learn more about identifying which apps might be affected, see Identify affected apps with the Upgrade Readiness App.
2. Upgrade any apps identified by the Upgrade Readiness App to resolve any dependencies on older versions of jQuery.
3. To determine if any of your dashboards rely on older versions of jQuery, open the jQuery Upgrade dashboard:
   1. Open the Search & Reporting app.
   2. Select Dashboards > jQuery Upgrade Dashboard.
4. Resolve any issues with dashboards that rely on older versions of jQuery.
5. In the Search & Reporting app, select Settings > Server Settings, and then select Internal Library Settings.
6. From the Internal Library Settings page, toggle the jQuery Libraries older than 3.5 section to restrict older jQuery libraries.

In some versions of Splunk Cloud Platform and Splunk Enterprise, access to older jQuery libraries is restricted by default. You can return to the Internal Library Settings page at any time to restore access to older jQuery libraries.

Restrict access to unsupported hotlinked imports

Unsupported hotlinked imports are dependencies in your Simple XML Custom JavaScript Extensions that directly reference Splunk product code. To reduce the possibility of future security risks in your Splunk platform instance, you can restrict access to unsupported hotlinked imports. Complete the following steps to restrict access to unsupported hotlinked imports. As a best practice, complete these steps in a test instance before deploying your changes.

1. Use the Upgrade Readiness App and Splunk AppInspect to determine if any apps in your deployment rely on unsupported hotlinked imports, then remove those dependencies.
   
   For more information about the Upgrade Readiness App, see About the Upgrade Readiness App in the Upgrade Readiness manual. For more information about Splunk AppInspect, see Ensure your app passes AppInspect checks.
2. In the Search & Reporting app, select Settings > Server Settings, and then select Internal Library Settings.
3. From the Internal Library Settings page, toggle the Unsupported Hotlinked Imports section to restrict unsupported hotlinked imports.

In some versions of Splunk Cloud Platform and Splunk Enterprise, access to unsupported hotlinked imports is restricted by default. You can return to the Internal Library Settings page at any time to restore access to unsupported hotlinked imports.