Validate the Okta jQuery Library Version
Okta Classic Engine
Okta Identity Engine
SDKs & Libraries
Overview

Penetration tests report that Okta uses an outdated jQuery library with known vulnerabilities during Single Sign-On.

Applies To
  • jQuery
  • Okta Identity Engine (OIE)
  • Okta Classic Engine
Solution

The jQuery library used in Okta's sign-in widget has been upgraded to version 3.6.1.

To validate this, open developer tools in the Chrome browser and enter the following command in the developer console:

jQueryCourage.fn.jquery

Security scanners will also find other instances of jQuery 1.12.4 pulled from the Okta CDN (not used by the sign-in widget). Inspecting the file and searching it for CVEs reveals notes left by Okta developers indicating how they addressed each vulnerability in the file.

 

The following error may be encountered after running this command: Uncaught ReferenceError: jQueryCourage is not defined at <anonymous>:1:1.


This happens because the Sign-In Widget in use is the third-generation widget. Temporarily disable this feature to display the jQuery version if needed.

Follow the steps in the Enable Third Generation Sign-In Widget documentation to toggle off the Third-generation widget.
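
The checks above can be scripted when triaging a scanner finding. The following is an added example, not Okta's code: it reads the widget's jQuery version without raising the ReferenceError, compares it with 3.6.1, and lists the lines of a script that mention a CVE. The function names, the sample file text and the placeholder CVE id are assumptions constructed for illustration.

```javascript
// Added example; sample file text and the CVE id are constructed placeholders.

// Compare dotted versions numerically: negative if a < b, 0 if equal.
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Read jQueryCourage.fn.jquery from a scope (pass window in the browser
// console). A missing global is reported instead of throwing.
function widgetJqueryVersion(scope, minimum = "3.6.1") {
  const jq = scope ? scope.jQueryCourage : undefined;
  if (jq == null || !jq.fn || !jq.fn.jquery) {
    return { found: false, version: null, meetsMinimum: false,
             note: "jQueryCourage not defined; check for the third-generation widget" };
  }
  const version = String(jq.fn.jquery);
  return { found: true, version,
           meetsMinimum: compareVersions(version, minimum) >= 0, note: "" };
}

// List each line of a script's source that mentions a CVE id, so the
// maintainers' notes can be read next to the scanner finding.
function findCveNotes(source) {
  const notes = [];
  source.split(/\r?\n/).forEach((text, i) => {
    const ids = text.match(/CVE-\d{4}-\d{4,}/g);
    if (ids) notes.push({ line: i + 1, ids, text: text.trim() });
  });
  return notes;
}

// Constructed sample input standing in for a CDN-hosted file and a page scope.
const sampleSource = [
  "/*! jQuery v1.12.4 (constructed sample header) */",
  "// CVE-0000-00000 (placeholder id): constructed note on how it was addressed",
  "function noop() {}",
].join("\n");
const sampleScope = { jQueryCourage: { fn: { jquery: "3.6.1" } } };

console.log(widgetJqueryVersion(sampleScope));
console.log(widgetJqueryVersion({}));
console.log(findCveNotes(sampleSource));
```

In the browser console, call widgetJqueryVersion(window) on the sign-in page, and pass the text of the flagged file to findCveNotes.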
