[ https://issues.apache.org/jira/browse/YUNIKORN-3195?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wilfred Spiegelenburg updated YUNIKORN-3195:
--------------------------------------------
    Priority: Critical  (was: Major)

> update angular for security fixes
> ---------------------------------
>
>                 Key: YUNIKORN-3195
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-3195
>             Project: Apache YuniKorn
>          Issue Type: Task
>          Components: security, webapp
>            Reporter: Wilfred Spiegelenburg
>            Assignee: Wilfred Spiegelenburg
>            Priority: Critical
>              Labels: pull-request-available
>
> Dependabot marked 4 CVE impacts on the master branch:
>  * #138 High [qs's arrayLimit bypass in its bracket notation allows DoS via memory exhaustion|https://github.com/apache/yunikorn-web/security/dependabot/138]
>  * #140 High [Anthropic's MCP TypeScript SDK has a ReDoS vulnerability|https://github.com/apache/yunikorn-web/security/dependabot/140]
>  * #142 High [Angular has XSS Vulnerability via Unsanitized SVG Script Attributes|https://github.com/apache/yunikorn-web/security/dependabot/142]
>  * #141 High [Angular has XSS Vulnerability via Unsanitized SVG Script Attributes|https://github.com/apache/yunikorn-web/security/dependabot/141]
>
> Looking at fixing this and backporting into 1.8



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
