[
https://issues.apache.org/jira/browse/HBASE-29167?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Nihal Jain updated HBASE-29167:
-------------------------------
Component/s: security
> Upgrade vega and its related js libraries
> -----------------------------------------
>
> Key: HBASE-29167
> URL: https://issues.apache.org/jira/browse/HBASE-29167
> Project: HBase
> Issue Type: Task
> Components: security, UI
> Affects Versions: 2.6.0, 3.0.0-alpha-4, 2.5.5
> Reporter: Nihal Jain
> Assignee: Nihal Jain
> Priority: Major
> Fix For: 2.6.0, 3.0.0-alpha-4, 2.5.5
>
>
> HBase is using Vega, v5.19.1, which was released on 21 Jan, 2021 and is
> vulnerable to cross-site scripting (XSS), CVE IDs:
> * [CVE-2023-26486|https://nvd.nist.gov/vuln/detail/CVE-2023-26486]
> * [CVE-2023-26487|https://nvd.nist.gov/vuln/detail/CVE-2023-26487]
> This Jira is to upgrade to latest releases:
> * [https://github.com/vega/vega/releases/tag/v5.24.0]
> * [https://github.com/vega/vega-lite/releases/tag/v5.6.1]
> * [https://github.com/vega/vega-embed/releases/tag/v6.21.3]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
