Fix #37834

mgr/dashboard: Update Bootstrap to 3.4.0

Added by Lenz Grimmer 8 days ago. Updated 5 days ago.

Status: Pending Backport
Priority: Normal
Assignee:
Category: dashboard/general
Target version:
Start date: 01/08/2019
Due date:
% Done: 0%
Source:
Tags:
Backport: mimic
Reviewed:
Affected Versions:
ceph-qa-suite:
Pull request ID:

Description

Bootstrap 3.4.0 was released a few weeks ago and contains a fix for an XSS issue. Please update the dashboard code accordingly.


Related issues

Copied to mgr - Backport #37893: mimic: mgr/dashboard: Update Bootstrap to 3.4.0 New

History

#1 Updated by Lenz Grimmer 7 days ago

  • Assignee set to Tiago Melo
  • Pull request ID set to 25656

#2 Updated by Lenz Grimmer 7 days ago

  • Status changed from New to Need Review

#3 Updated by Lenz Grimmer 7 days ago

FYI: Ernesto ran a quick check on the impact of this issue (https://github.com/twbs/bootstrap/pull/26630) on the dashboard codebase, and currently we are not using any of the vulnerable properties (data-parent, data-target or data-container).

$ egrep "data-(parent|target|container)" src/pybind/mgr/dashboard/frontend -RI --include="*.html" --include="*.ts" 

However, I suggest updating the Bootstrap library anyway, just in case we ever plan to use any of these properties.

#4 Updated by Lenz Grimmer 5 days ago

  • Status changed from Need Review to Pending Backport

#5 Updated by Nathan Cutler 2 days ago

  • Copied to Backport #37893: mimic: mgr/dashboard: Update Bootstrap to 3.4.0 added
