jQuery v1.12.4 is reported as vulnerable in online tools when I check my website. Does that mean that my Joomla site is vulnerable?
No. The jQuery version, packaged with Joomla (assuming you are up-to-date with your Joomla version), has been patched with all the security vulnerabilities found in later versions of jQuery. It ensures that, despite the fact that Joomla uses an older version of jQuery, it is safe to use (or to be correct, not more unsafe than the latest jQuery version).
Unfortunately, most online tools do not check the content of the jQuery library and have no clue it has been patched in Joomla. Therefore it is a 'false' negative (it reports the library as vulnerable, when it fact, it is not).
The jQuery version will remain the same for the Joomla 3 series to ensure full backward compatibility of jQuery throughout templates and extensions.
