[jira] [Commented] (HBASE-25261) Upgrade Bootstrap to 3.4.1

Peter Somogyi (Jira) Tue, 17 Nov 2020 03:51:09 -0800


    [ 
https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17233534#comment-17233534
 ]


Peter Somogyi commented on HBASE-25261:
---------------------------------------

Merged to master.
[~apurtell], can this still go into 2.4.0?

> Upgrade Bootstrap to 3.4.1
> --------------------------
>
>                 Key: HBASE-25261
>                 URL: https://issues.apache.org/jira/browse/HBASE-25261
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, UI
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>
> HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 
> medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and 
> CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is 
> here: [https://snyk.io/vuln/npm:bootstrap]
> Upgrading to bootstrap 4 would be nice, but potentially more work to do. We 
> should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Commented] (HBASE-25261) Upgrade Bootstrap to 3.4.1

Reply via email to