"Acceptable minimum versions" list does not satisfy statement "common JavaScript libraries that do not contain known security flaws" within Microsoft mitigation.

[solrac149]

https://github.com/MicrosoftDocs/azure-docs/blob/58f37499b1d9c6143573fc6030ea4c47d8bce578/articles/security/develop/threat-modeling-tool-configuration-management.md?plain=1#L201

"I did a spot check for Jquery 1.7.1 and found the below CVE listing that include vulnerabilities for that version:

https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-11031/year-2020/Jquery-Jquery.html

Should the acceptable minimum version listing be removed, as it is static security guidance that doesn't age well? Instead use wording such as "common JavaScript libraries that do not contain known security flaws, and maintained"

---

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

• ID: 71a7f29e-89b2-f87c-bcf5-7f8f9b844a96
• Version Independent ID: fe57f2f0-b2fe-1120-e480-da7aa0706a18
• Content: Configuration management for the Microsoft Threat Modeling Tool - Azure
• Content Source: articles/security/develop/threat-modeling-tool-configuration-management.md
• Service: security
• Sub-service: security-develop
• GitHub Login: @jegeib
• Microsoft Alias: jegeib

[JamesTran-MSFT]

@solrac149 Thanks for your feedback! I've assigned this issue to the author who will investigate and update as appropriate.