You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@spark.apache.org by "Peter Toth (Jira)" <ji...@apache.org> on 2021/03/09 10:53:00 UTC

[jira] [Commented] (SPARK-30655) Update WebUI Bootstrap to 4.4.1

    [ https://issues.apache.org/jira/browse/SPARK-30655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17298005#comment-17298005 ] 

Peter Toth commented on SPARK-30655:
------------------------------------

[~d.clarke], it looks like you already fixed this in [https://github.com/apache/spark/pull/27370|https://github.com/apache/spark/pull/27370]. Shall we close this ticket?

> Update WebUI Bootstrap to 4.4.1
> -------------------------------
>
>                 Key: SPARK-30655
>                 URL: https://issues.apache.org/jira/browse/SPARK-30655
>             Project: Spark
>          Issue Type: Improvement
>          Components: Web UI
>    Affects Versions: 3.1.0
>            Reporter: Dale Clarke
>            Priority: Major
>
> Spark is using an older version of Bootstrap (v. 2.3.2) for the Web UI pages.  Bootstrap 2.x was moved to EOL in Aug 2013 and Bootstrap 3.x was moved to EOL in July 2019 ([https://github.com/twbs/release)].  Older versions of Bootstrap are also getting flagged in security scans for various CVEs:
>  * [https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889]
>  * [https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-173700]
>  * [https://snyk.io/vuln/npm:bootstrap:20180529]
>  * [https://snyk.io/vuln/npm:bootstrap:20160627]
> I haven't validated each CVE, but it would probably be good practice to resolve any potential issues and get on a supported release.
> The bad news is that there have been quite a few changes between Bootstrap 2 and Bootstrap 4.  I've tried updating the library, refactoring/tweaking the CSS and JS to maintain a similar appearance and functionality, and testing the documentation.  As with the ticket created for the outdated Bootstrap version in the docs (SPARK-30654), this is a fairly large change so I'm sure additional testing and fixes will be needed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@spark.apache.org
For additional commands, e-mail: issues-help@spark.apache.org