Nihal Jain created HBASE-27791: ---------------------------------- Summary: Upgrade vegas and its related js libraries Key: HBASE-27791 URL: https://issues.apache.org/jira/browse/HBASE-27791 Project: HBase Issue Type: Task Components: UI Reporter: Nihal Jain Assignee: Nihal Jain
HBase is using Vega, v5.19.1, which was released on 21 Jan, 2021 and is vulnerable to cross-site scripting (XSS), CVE IDs: * [CVE-2023-26486|https://nvd.nist.gov/vuln/detail/CVE-2023-26486] * [CVE-2023-26487|https://nvd.nist.gov/vuln/detail/CVE-2023-26487] This Jira is to upgrade to latest releases: * [https://github.com/vega/vega/releases/tag/v5.24.0] * [https://github.com/vega/vega-lite/releases/tag/v5.6.1] * [https://github.com/vega/vega-embed/releases/tag/v6.21.3] -- This message was sent by Atlassian Jira (v8.20.10#820010)