[
https://issues.apache.org/jira/browse/SPARK-30655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298005#comment-17298005
]
Peter Toth commented on SPARK-30655:
------------------------------------
[~d.clarke], it looks like you already fixed this in
[https://github.com/apache/spark/pull/27370|https://github.com/apache/spark/pull/27370].
Shall we close this ticket?
> Update WebUI Bootstrap to 4.4.1
> -------------------------------
>
> Key: SPARK-30655
> URL: https://issues.apache.org/jira/browse/SPARK-30655
> Project: Spark
> Issue Type: Improvement
> Components: Web UI
> Affects Versions: 3.1.0
> Reporter: Dale Clarke
> Priority: Major
>
> Spark is using an older version of Bootstrap (v. 2.3.2) for the Web UI pages.
> Bootstrap 2.x was moved to EOL in Aug 2013 and Bootstrap 3.x was moved to
> EOL in July 2019 ([https://github.com/twbs/release)]. Older versions of
> Bootstrap are also getting flagged in security scans for various CVEs:
> * [https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889]
> * [https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700]
> * [https://snyk.io/vuln/npm:bootstrap:20180529]
> * [https://snyk.io/vuln/npm:bootstrap:20160627]
> I haven't validated each CVE, but it would probably be good practice to
> resolve any potential issues and get on a supported release.
> The bad news is that there have been quite a few changes between Bootstrap 2
> and Bootstrap 4. I've tried updating the library, refactoring/tweaking the
> CSS and JS to maintain a similar appearance and functionality, and testing
> the documentation. As with the ticket created for the outdated Bootstrap
> version in the docs (SPARK-30654), this is a fairly large change so I'm sure
> additional testing and fixes will be needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
