Forum Discussion
SPFX supported version for SPSE
Hi Nicolae, we've heard the feedback asking for SharePoint Server Subscription Edition to support newer versions of SharePoint Framework. (Thanks to everyone for sharing your feedback!) I'm afraid it's too early at this stage for us to commit to anything, but this is a request we're actively discussing / exploring.
- sumeetsinghal5688 Nov 29, 2022 Brass Contributor
Thanks for mentioning these security vulnerabilities. TroyStarr, we have been waiting for your response since Sep 2022. It looks like On-Premise has been left orphaned and overdose nutrition is provided to cloud products.
- dridenour49 Sep 22, 2022 Copper Contributor
TroyStarr, any update on an upgraded version of SPFX? If Microsoft cannot invest in their on-prem solution, then in environments where SharePoint is being considered for a new application, a competitor is used instead, especially ServiceNow.
David
- petval Sep 09, 2022 Copper Contributor
Hello TroyStarr,
Another obvious reason that hasn't been listed yet is the obvious security risks. Many of the packages used by SPFx 1.4.1 use already vulnerable versions that have long been patched in the new versions. But we can't use them because we are locked to the legacy version.
Here is the result of the XRay alert in our pipeline when building SPFx 1.4.1:
[Pipeline] xrayScan
Security Violations
# Severity Component CVE
1 High handlebars:4.1.2 CVE-2021-23369
2 High handlebars:4.1.2
3 High handlebars:4.1.2 CVE-2019-20922
4 High handlebars:4.1.2 CVE-2019-19919
5 High handlebars:4.1.2 CVE-2021-23383
6 High diff:3.2.0
7 High js-yaml:3.13.1 CVE-2021-22150
8 High js-yaml:3.7.0 CVE-2021-22150
9 High lodash:2.4.2 CVE-2021-41720
10 High handlebars:4.1.2
11 High handlebars:4.1.2
12 High js-yaml:3.7.0
13 High lodash:1.0.2 CVE-2021-41720
14 High acorn:5.7.3
15 High handlebars:4.1.2 CVE-2019-20922
16 High handlebars:4.1.2 CVE-2021-23369
17 High handlebars:4.1.2
18 High handlebars:4.1.2
19 High handlebars:4.1.2 CVE-2019-19919
20 High handlebars:4.1.2
21 High acorn:5.7.3
22 High js-yaml:3.13.1 CVE-2021-22150
23 High handlebars:4.1.2
24 High diff:3.2.0
25 High js-yaml:3.7.0
26 High lodash:1.0.2 CVE-2021-41720
27 High js-yaml:3.7.0 CVE-2021-22150
28 High tmpl:1.0.4 CVE-2021-3777
29 High handlebars:4.1.2 CVE-2021-23383
30 High handlebars:4.1.2
31 High lodash:2.4.2 CVE-2021-41720
And as a developer I totally hate being locked to the old versions of TS, React, Node, etc.
Also, some industries have such tight legislative regulations (Swiss banking in my current case) that going to the cloud is more difficult on the legal than the technical level. So staying on SP2019 will be a security risk now.
- TroyStarr Aug 25, 2022 Microsoft
Nicolae, this is something we're truly interested in, which is why we're exploring it. Unfortunately for a variety of engineering reasons it isn't as simple as it might seem. But please continue to share your needs as that will help us to prioritize the right investments.
- Nicolae Aug 25, 2022 Brass Contributor
Hi Troy. It's too early only if you consider SharePoint SE as the first version of SharePoint. Almost all the JS libraries that SPFx 1.4.1 can work with are deprecated or just useless because they're beta versions. We don't really care about the new functionalities of SPFx, just the support for new versions of NodeJS, TypeScript, React, etc. Or do you think ASP Webforms developers are still a thing? You're killing the on-prem SharePoint, intentionally or unintentionally.