[HBASE-25261] Upgrade Bootstrap to 3.4.1 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 3.0.0-alpha-1, 1.7.0, 2.4.0, 2.2.7, 2.3.4
Component/s: security, UI
Labels:
None

Description

HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: https://snyk.io/vuln/npm:bootstrap

Upgrading to bootstrap 4 would be nice, but potentially more work to do. To avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.

Attachments

Issue Links

links to

GitHub Pull Request #2661

Activity

People

Assignee:: Mate Szalay-Beko

Reporter:: Mate Szalay-Beko

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 10/Nov/20 07:25

Updated:: 19/Nov/20 00:49

Resolved:: 17/Nov/20 16:17