Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-28832

Upgrade from bootstrap 3.4.1 to non vulnerable version 5.3.3

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: In Progress
    • Major
    • Resolution: Unresolved
    • None
    • None
    • security, UI
    • None

    Description

      Bootstrap 3.4.1 was released in 13 Feb, 2019 and there has been no new 3.x release since then. This version of bootstrap has multiple medium CVEs reported recently.
      See https://security.snyk.io/package/npm/bootstrap/3.4.1 for details.

      CVE List:

      Related Github Issue/Advisory:

      Based on synk.io the only non-vulnerable version seems to be in 5.x line.
      Upgrading from 3.x to 4.x itself would be substantial work. So may be we would have to move step by step i.e. migrate from 3.x to 4.x and then 4.x to 5.x.

      This JIRA is to capture all sub-task needed to achieve same.

      Attachments

        Issue Links

          is cloned by

          Improvement - An improvement or enhancement to an existing feature or task. HBASE-28921 Avoid bundling hbase-webapps folder in default jars

          • Major - Major loss of function.
          • Resolved
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-28983 Static resources are not loaded on REST web UI pages

          • Major - Major loss of function.
          • Open

          Activity

            People

              paksyd Dávid Paksy
              nihaljain.cs Nihal Jain
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated: