[ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17234879#comment-17234879 ]
Hudson commented on HBASE-25261: -------------------------------- Results for branch branch-2 [build #103 on builds.a.o|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/103/]: (/) *{color:green}+1 overall{color}* ---- details (if available): (/) {color:green}+1 general checks{color} -- For more information [see general report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/103/General_20Nightly_20Build_20Report/] (/) {color:green}+1 jdk8 hadoop2 checks{color} -- For more information [see jdk8 (hadoop2) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/103/JDK8_20Nightly_20Build_20Report_20_28Hadoop2_29/] (/) {color:green}+1 jdk8 hadoop3 checks{color} -- For more information [see jdk8 (hadoop3) report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/103/JDK8_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 jdk11 hadoop3 checks{color} -- For more information [see jdk11 report|https://ci-hadoop.apache.org/job/HBase/job/HBase%20Nightly/job/branch-2/103/JDK11_20Nightly_20Build_20Report_20_28Hadoop3_29/] (/) {color:green}+1 source release artifact{color} -- See build output for details. (/) {color:green}+1 client integration test{color} > Upgrade Bootstrap to 3.4.1 > -------------------------- > > Key: HBASE-25261 > URL: https://issues.apache.org/jira/browse/HBASE-25261 > Project: HBase > Issue Type: Improvement > Components: security, UI > Reporter: Mate Szalay-Beko > Assignee: Mate Szalay-Beko > Priority: Major > Fix For: 3.0.0-alpha-1, 1.7.0, 2.4.0, 2.2.7, 2.3.4 > > > HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 > medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and > CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is > here: [https://snyk.io/vuln/npm:bootstrap] > Upgrading to bootstrap 4 would be nice, but potentially more work to do. To > avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, > which is 3.4.1 currently. -- This message was sent by Atlassian Jira (v8.3.4#803005)