Why is the EFT Web Transfer Client (WTC) using an older version of jQuery?


THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • EFT v8.0.4 and earlier
  • jQueury was removed in 8.0.5.7

DISCUSSION

Globalscape EFT platform relies on a number of libraries, frameworks, and toolkits for everything from web-facing, front-end functionality, such as jQuery, to back-end functions, such as authentication subsystems (RSA SecurID®). These libraries are monitored and evaluated for change, including new-version releases that include bug fixes, new features, and the occasional security vulnerability fix.

Depending on the nature of the change, the Globalscape development and product teams must determine whether they should introduce the updated library in a given release, defer to a subsequent release, or on occasion, decide to replace the library, framework, or toolkit with an alternative technology. Such decisions are often predicated on a number of criteria, such as the:

  • amount of risk associated with introducing the change (this is important if the new version of the library or framework has undergone substantial modifications),
  • nature of the fix (was it to address a security vulnerability or add functionality that may or may not be needed),
  • and the amount of work necessary to introduce the updated library (as it is seldom the case that it is a drop-in replacement).

One recent example of this decision-making process was deciding whether to update the current version of jQuery, used in the EFT Web Transfer Client (WTC). Although there have been newer versions of jQuery released over the months and years, the functionality of the WTC was not affected by these changes, including fixes to security bugs that existed in jQuery functions that were never accessed by the WTC. Over time, newer technologies have started to evolve that are displacing jQuery as the framework of choice for evolving web applications (such as Angular JS). Replacing jQuery with Angular JS (or other such tools) includes revisiting the entire WTC architecture—a design and implementation process that will require several months of effort, all running in parallel with routine releases of the WTC.

The philosophy of Globalscape is to try to balance the temptation to always be on the latest version of a framework with the practically of doing so, measuring risk versus reward, and alignment with strategic direction versus achieving short term tactical gains, to reach the right decision for both Globalscape and our valued customers.