Posted to commits@airflow.apache.org by "Ash Berlin-Taylor (JIRA)" <ji...@apache.org> on 2019/04/18 15:31:00 UTC

[jira] [Updated] (AIRFLOW-4179) Update version of Bootstrap, jQuery in use

     [ https://issues.apache.org/jira/browse/AIRFLOW-4179?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ash Berlin-Taylor updated AIRFLOW-4179:
---------------------------------------
    Summary: Update version of Bootstrap, jQuery in use  (was: [security] ui - outdated libraries in use)

> Update version of Bootstrap, jQuery in use
> ------------------------------------------
>
>                 Key: AIRFLOW-4179
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-4179
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: security, ui
>            Reporter: t oo
>            Priority: Major
>
> "The Airflow application utilises the following three outdated libraries that contain publicly disclosed security vulnerabilities:
> -bootstrap 3.3.5
> -moment.js 2.9.0
> -jQuery 2.1.4"
> Business Impact/Attack Scenario 
> The out of date libraries are vulnerable to attacks such as cross-site scripting (XSS), which can be used to steal credentials, perform unauthorised actions, redirect the user to a malicious site or track the user's actions, or denial of service attacks.
> Recommendation 
> "Update libraries to the latest versions at the time of writing as listed below. If old libraries are required for compatibility reasons, update to the latest version of the legacy branch and review whether the application is using the vulnerable component to determine whether additional sanitisation of input may be required.
> Latest versions:
> -bootstrap 4.3.1
> -moment.js 2.19.3
> -jQuery 3.3.1"


