You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hbase.apache.org by "Peter Somogyi (Jira)" <ji...@apache.org> on 2020/11/17 16:18:00 UTC
[jira] [Resolved] (HBASE-25261) Upgrade Bootstrap to 3.4.1
[ https://issues.apache.org/jira/browse/HBASE-25261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Peter Somogyi resolved HBASE-25261.
-----------------------------------
Fix Version/s: 2.3.4
2.2.7
2.4.0
1.7.0
3.0.0-alpha-1
Resolution: Fixed
> Upgrade Bootstrap to 3.4.1
> --------------------------
>
> Key: HBASE-25261
> URL: https://issues.apache.org/jira/browse/HBASE-25261
> Project: HBase
> Issue Type: Improvement
> Components: security, UI
> Reporter: Mate Szalay-Beko
> Assignee: Mate Szalay-Beko
> Priority: Major
> Fix For: 3.0.0-alpha-1, 1.7.0, 2.4.0, 2.2.7, 2.3.4
>
>
> HBase UI is currently using bootstrap 3.3.7. This version is vulnerable to 4 medium CVEs (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, and CVE-2019-8331). Details on all the bootstrap versions and vulnerabilities is here: [https://snyk.io/vuln/npm:bootstrap]
> Upgrading to bootstrap 4 would be nice, but potentially more work to do. To avoid these CVE issues, we should at least upgrade to the latest bootstrap 3, which is 3.4.1 currently.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)