[
https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Mate Szalay-Beko updated HBASE-25261:
-------------------------------------
Description:
HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4
medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and
CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is
here: [https://snyk.io/vuln/npm:bootstrap]
Upgrading to bootstrap 4 would be nice, but potentially more work to do. We
should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.
was:
HBase UI is currently using in bootstrap 3.3.7. This version is vulnerable to 4
medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and
CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is
here: [https://snyk.io/vuln/npm:bootstrap]
Upgrading to bootstrap 4 would be nice, but potentially more work to do. We
should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.
> Upgrade Bootstrap to 3.4.1
> --------------------------
>
> Key: HBASE-25261
> URL: https://issues.apache.org/jira/browse/HBASE-25261
> Project: HBase
> Issue Type: Improvement
> Components: security, UI
> Reporter: Mate Szalay-Beko
> Assignee: Mate Szalay-Beko
> Priority: Major
>
> HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4
> medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and
> CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is
> here: [https://snyk.io/vuln/npm:bootstrap]
> Upgrading to bootstrap 4 would be nice, but potentially more work to do. We
> should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
