Nihal Jain created HBASE-27791:
----------------------------------
Summary: Upgrade vegas and its related js libraries
Key: HBASE-27791
URL: https://issues.apache.org/jira/browse/HBASE-27791
Project: HBase
Issue Type: Task
Components: UI
Reporter: Nihal Jain
Assignee: Nihal Jain
HBase is using Vega, v5.19.1, which was released on 21 Jan, 2021 and is
vulnerable to cross-site scripting (XSS), CVE IDs:
* [CVE-2023-26486|https://nvd.nist.gov/vuln/detail/CVE-2023-26486]
* [CVE-2023-26487|https://nvd.nist.gov/vuln/detail/CVE-2023-26487]
This Jira is to upgrade to latest releases:
* [https://github.com/vega/vega/releases/tag/v5.24.0]
* [https://github.com/vega/vega-lite/releases/tag/v5.6.1]
* [https://github.com/vega/vega-embed/releases/tag/v6.21.3]
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
