jQuery 3.5.0 has been released and it includes one security-related bugfix. All usages have been updated.

The jQuery release contains a breaking change which was required to fix the security issue. You have to make sure that all HTML that is included directly via jQuery or via CoreMedia's Dynamic-Include brick is either valid XHTML or valid HTML 5 in respect of self-closing tags. For example, consider the following jQuery expression:

$("<div/><img/>")

Prior to jQuery 3.5.0, this always resulted in <div></div><img/> even though <div/> is not a valid self-closing tag in HTML 5. After the update the resulting markup will look as follows <div><img/></div> on HTML 5 page and thus potentially break existing pages. Website using XHTML are not affected by this change. Please ensure that you only use allowed self-closing tags in your HTML 5 markup.

The change is described in more detail here: https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/

(CMS-17167)