[jira] [Resolved] (HBASE-25261) Upgrade Bootstrap to 3.4.1

Peter Somogyi (Jira) Tue, 17 Nov 2020 08:18:23 -0800


     [ 
https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Peter Somogyi resolved HBASE-25261.
-----------------------------------
    Fix Version/s: 2.3.4
                   2.2.7
                   2.4.0
                   1.7.0
                   3.0.0-alpha-1
       Resolution: Fixed

> Upgrade Bootstrap to 3.4.1
> --------------------------
>
>                 Key: HBASE-25261
>                 URL: https://issues.apache.org/jira/browse/HBASE-25261
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, UI
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>             Fix For: 3.0.0-alpha-1, 1.7.0, 2.4.0, 2.2.7, 2.3.4
>
>
> HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 
> medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and 
> CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is 
> here: [https://snyk.io/vuln/npm:bootstrap]
> Upgrading to bootstrap 4 would be nice, but potentially more work to do. To 
> avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, 
> which is 3.4.1 currently.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Resolved] (HBASE-25261) Upgrade Bootstrap to 3.4.1

Reply via email to