[jira] [Updated] (HBASE-25261) Upgrade Bootstrap to 3.4.1
[ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mate Szalay-Beko updated HBASE-25261: - Description: HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap] Upgrading to bootstrap 4 would be nice, but potentially more work to do. To avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. was: HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap] Upgrading to bootstrap 4 would be nice, but potentially more work to do. We should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. > Upgrade Bootstrap to 3.4.1 > -- > > Key: HBASE-25261 > URL: https://issues.apache.org/jira/browse/HBASE-25261 > Project: HBase > Issue Type: Improvement > Components: security, UI >Reporter: Mate Szalay-Beko >Assignee: Mate Szalay-Beko >Priority: Major > > HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 > medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and > CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is > here: [https://snyk.io/vuln/npm:bootstrap] > Upgrading to bootstrap 4 would be nice, but potentially more work to do. To > avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, > which is 3.4.1 currently. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (HBASE-25261) Upgrade Bootstrap to 3.4.1
[ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mate Szalay-Beko updated HBASE-25261: - Description: HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap] Upgrading to bootstrap 4 would be nice, but potentially more work to do. We should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. was: HBase UI is currently using in bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap] Upgrading to bootstrap 4 would be nice, but potentially more work to do. We should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. > Upgrade Bootstrap to 3.4.1 > -- > > Key: HBASE-25261 > URL: https://issues.apache.org/jira/browse/HBASE-25261 > Project: HBase > Issue Type: Improvement > Components: security, UI >Reporter: Mate Szalay-Beko >Assignee: Mate Szalay-Beko >Priority: Major > > HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 > medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and > CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is > here: [https://snyk.io/vuln/npm:bootstrap] > Upgrading to bootstrap 4 would be nice, but potentially more work to do. We > should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (HBASE-25261) Upgrade Bootstrap to 3.4.1
[ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Mate Szalay-Beko updated HBASE-25261: - Description: HBase UI is currently using in bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap] Upgrading to bootstrap 4 would be nice, but potentially more work to do. We should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. was: HBase UI is currently using in bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: https://snyk.io/vuln/npm:bootstrap Upgrading to bootstrap 4 would be nice, but potentially more work to do. We should upgrade to the latest bootstrap 3, which is 3.4.1 currently. > Upgrade Bootstrap to 3.4.1 > -- > > Key: HBASE-25261 > URL: https://issues.apache.org/jira/browse/HBASE-25261 > Project: HBase > Issue Type: Improvement > Components: security, UI >Reporter: Mate Szalay-Beko >Assignee: Mate Szalay-Beko >Priority: Major > > HBase UI is currently using in bootstrap 3.3.7. This version is vulnerable to > 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and > CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is > here: [https://snyk.io/vuln/npm:bootstrap] > Upgrading to bootstrap 4 would be nice, but potentially more work to do. We > should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently. -- This message was sent by Atlassian Jira (v8.3.4#803005)