You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Peter Somogyi (Jira)" <ji...@apache.org> on 2020/11/17 16:18:00 UTC

[jira] [Resolved] (HBASE-25261) Upgrade Bootstrap to 3.4.1

     [ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Peter Somogyi resolved HBASE-25261.
-----------------------------------
    Fix Version/s: 2.3.4
                   2.2.7
                   2.4.0
                   1.7.0
                   3.0.0-alpha-1
       Resolution: Fixed

> Upgrade Bootstrap to 3.4.1
> --------------------------
>
>                 Key: HBASE-25261
>                 URL: https://issues.apache.org/jira/browse/HBASE-25261
>             Project: HBase
>          Issue Type: Improvement
>          Components: security, UI
>            Reporter: Mate Szalay-Beko
>            Assignee: Mate Szalay-Beko
>            Priority: Major
>             Fix For: 3.0.0-alpha-1, 1.7.0, 2.4.0, 2.2.7, 2.3.4
>
>
> HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap]
> Upgrading to bootstrap 4 would be nice, but potentially more work to do. To avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)