Project

General

Profile

Fix #37834

mgr/dashboard: Update Bootstrap to 3.4.0

Added by Lenz Grimmer 6 months ago. Updated 3 months ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
dashboard/general
Target version:
-
Start date:
01/08/2019
Due date:
% Done:

0%

Source:
Tags:
Backport:
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

Bootstrap 3.4.0 has been released a few weeks ago, which contains a fix for an XSS issue. Please update the dashboard code accordingly.


Related issues

Copied to mgr - Backport #38986: nautilus: mgr/dashboard: Update Bootstrap to 3.4.0 Rejected

History

#1 Updated by Lenz Grimmer 6 months ago

  • Assignee set to Tiago Melo
  • Pull request ID set to 25656

#2 Updated by Lenz Grimmer 6 months ago

  • Status changed from New to Need Review

#3 Updated by Lenz Grimmer 6 months ago

FYI: Ernesto run a quick check on the impact of this issue (https://github.com/twbs/bootstrap/pull/26630) to the dashboard codebase, and currently we are not using any of the vulnerable properties (data-parent, data-target or data-container).

$ egrep "data-(parent|target|container)" src/pybind/mgr/dashboard/frontend -RI --include="*.html" --include="*.ts" 

However, I suggest to update the Boostrap library anyway, just in case we ever plan to use any of these properties.

#4 Updated by Lenz Grimmer 6 months ago

  • Status changed from Need Review to Pending Backport

#6 Updated by Lenz Grimmer 3 months ago

  • Target version changed from v14.0.0 to v15.0.0
  • Backport changed from mimic to nautilus

#7 Updated by Nathan Cutler 3 months ago

  • Copied to Backport #38986: nautilus: mgr/dashboard: Update Bootstrap to 3.4.0 added

#8 Updated by Ricardo Marques 3 months ago

  • Status changed from Pending Backport to Resolved
  • Backport deleted (nautilus)

#9 Updated by Ricardo Marques 3 months ago

  • Target version deleted (v15.0.0)

#10 Updated by Nathan Cutler 3 months ago

Ricardo M. writes: "These changes are already included in nautilus, we don't need to create a backport PR"

Also available in: Atom PDF