Hi,
Our security team has flagged a vulnerability in the file
apache-jmeter\bin\report-template\sbadmin2-1.0.7\bower_components\bootstrap\dist\js\bootstrap.min.js
The latest JMeter version 5.5 still uses the same version of bootstrap (3.3.7),
any way this can be updated to the latest version 5.2.0?
Vulnerability info:
* CWE-79 Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting')
* In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is
possible in the data-target attribute, a different vulnerability than
CVE-2018-14041.
* In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent
attribute.
* In Bootstrap before 4.1.2, XSS is possible in the data-target property
of scrollspy.
* In Bootstrap before 4.1.2, XSS is possible in the data-container
property of tooltip.
* In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in
the tooltip or popover data-template attribute.
