[ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17234628#comment-17234628 ]
Hudson commented on HBASE-25261: -------------------------------- Results for branch branch-1 [build #55 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/55/]: (x) *{color:red}-1 overall{color}* ---- details (if available): (x) {color:red}-1 general checks{color} -- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/55//General_Nightly_Build_Report/] (x) {color:red}-1 jdk7 checks{color} -- For more information [see jdk7 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/55//JDK7_Nightly_Build_Report/] (x) {color:red}-1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-1/55//JDK8_Nightly_Build_Report_(Hadoop2)/] (x) {color:red}-1 source release artifact{color} -- See build output for details. > Upgrade Bootstrap to 3.4.1 > -------------------------- > > Key: HBASE-25261 > URL: https://issues.apache.org/jira/browse/HBASE-25261 > Project: HBase > Issue Type: Improvement > Components: security, UI > Reporter: Mate Szalay-Beko > Assignee: Mate Szalay-Beko > Priority: Major > Fix For: 3.0.0-alpha-1, 1.7.0, 2.4.0, 2.2.7, 2.3.4 > > > HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 > medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and > CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is > here: [https://snyk.io/vuln/npm:bootstrap] > Upgrading to bootstrap 4 would be nice, but potentially more work to do. To > avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, > which is 3.4.1 currently. -- This message was sent by Atlassian Jira (v8.3.4#803005)