[ https://issues.apache.org/jira/browse/SPARK-30655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298005#comment-17298005 ]
Peter Toth commented on SPARK-30655: ------------------------------------ [~d.clarke], it looks like you already fixed this in [https://github.com/apache/spark/pull/27370|https://github.com/apache/spark/pull/27370]. Shall we close this ticket? > Update WebUI Bootstrap to 4.4.1 > ------------------------------- > > Key: SPARK-30655 > URL: https://issues.apache.org/jira/browse/SPARK-30655 > Project: Spark > Issue Type: Improvement > Components: Web UI > Affects Versions: 3.1.0 > Reporter: Dale Clarke > Priority: Major > > Spark is using an older version of Bootstrap (v. 2.3.2) for the Web UI pages. > Bootstrap 2.x was moved to EOL in Aug 2013 and Bootstrap 3.x was moved to > EOL in July 2019 ([https://github.com/twbs/release)]. Older versions of > Bootstrap are also getting flagged in security scans for various CVEs: > * [https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889] > * [https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700] > * [https://snyk.io/vuln/npm:bootstrap:20180529] > * [https://snyk.io/vuln/npm:bootstrap:20160627] > I haven't validated each CVE, but it would probably be good practice to > resolve any potential issues and get on a supported release. > The bad news is that there have been quite a few changes between Bootstrap 2 > and Bootstrap 4. I've tried updating the library, refactoring/tweaking the > CSS and JS to maintain a similar appearance and functionality, and testing > the documentation. As with the ticket created for the outdated Bootstrap > version in the docs (SPARK-30654), this is a fairly large change so I'm sure > additional testing and fixes will be needed. -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org For additional commands, e-mail: issues-h...@spark.apache.org