Bug #37834
mgr/dashboard: Update Bootstrap to 3.4.0 (closed)
% Done: 0%
Source:
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Description
Bootstrap 3.4.0 was released a few weeks ago and contains a fix for an XSS issue. Please update the dashboard code accordingly.
Updated by Lenz Grimmer over 5 years ago
- Assignee set to Tiago Melo
- Pull request ID set to 25656
Updated by Lenz Grimmer over 5 years ago
- Status changed from New to Fix Under Review
Updated by Lenz Grimmer over 5 years ago
FYI: Ernesto ran a quick check on the impact of this issue (https://github.com/twbs/bootstrap/pull/26630) on the dashboard codebase, and currently we are not using any of the vulnerable properties (data-parent, data-target or data-container).
$ egrep "data-(parent|target|container)" src/pybind/mgr/dashboard/frontend -RI --include="*.html" --include="*.ts"
However, I suggest updating the Bootstrap library anyway, just in case we ever plan to use any of these properties.
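An added example, not part of the ticket or the Ceph code base: a Python guard that repeats the check from the comment above over .html and .ts text and also flags DOM dataset access, which the egrep pattern does not cover. The function names, the sample template and the version-spec handling are assumptions made for illustration.

```python
import re
import sys
from pathlib import Path

# Attributes the ticket names as affected by the Bootstrap XSS fix.
ATTRS = "parent|target|container"
# Matches literal or bound attributes (data-target, [attr.data-target]) and
# DOM dataset access (el.dataset.target), which maps to data-target.
PATTERN = re.compile(r"data-(%s)\b|\bdataset\.(%s)\b" % (ATTRS, ATTRS))
FIXED = (3, 4, 0)  # release the ticket says carries the fix

# Constructed sample template, not Ceph dashboard code.
SAMPLE = """<div id="acc">
  <a data-toggle="collapse" data-parent="#acc" [attr.data-target]="pane">x</a>
</div>
<script>el.dataset.container = value;</script>"""

def find_attr_uses(text):
    """Return (line_number, attribute) for each use of a listed attribute."""
    return [(no, "data-" + (m.group(1) or m.group(2)))
            for no, line in enumerate(text.splitlines(), 1)
            for m in PATTERN.finditer(line)]

def bootstrap3_patched(spec):
    """True/False for a 3.x version spec; None if it is not a 3.x version."""
    m = re.match(r"[\^~=v]*(\d+)\.(\d+)\.(\d+)", spec.strip())
    if not m or m.group(1) != "3":
        return None  # only the 3.x line from the ticket is assessed
    # For ^ or ~ ranges this judges the lowest version the range allows.
    return tuple(int(p) for p in m.groups()) >= FIXED

def scan_tree(root):
    """Scan *.html and *.ts under root, like the ticket's --include filters."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.suffix not in (".html", ".ts") or "node_modules" in path.parts:
            continue
        if path.is_file():
            hits = find_attr_uses(path.read_text(errors="ignore"))
            if hits:
                report[str(path)] = hits
    return report

if __name__ == "__main__":
    found = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for name, hits in found.items():
        print(name, hits)
    sys.exit(1 if found else 0)
```

Run with the frontend directory as the only argument; a non-zero exit status means at least one of the three attributes is in use.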
Updated by Lenz Grimmer over 5 years ago
- Status changed from Fix Under Review to Pending Backport
Updated by Lenz Grimmer about 5 years ago
- Target version changed from v14.0.0 to v15.0.0
- Backport changed from mimic to nautilus
Updated by Nathan Cutler about 5 years ago
- Copied to Backport #38986: nautilus: mgr/dashboard: Update Bootstrap to 3.4.0 added
Updated by Ricardo Marques about 5 years ago
- Status changed from Pending Backport to Resolved
- Backport deleted (nautilus)
Updated by Nathan Cutler about 5 years ago
Ricardo M. writes: "These changes are already included in nautilus, we don't need to create a backport PR"
Updated by Ernesto Puerta about 3 years ago
- Tracker changed from Fix to Bug
- Project changed from mgr to Dashboard
- Category changed from 132 to General
- Regression set to No
- Severity set to 3 - minor