  1. Hadoop YARN
  2. YARN-11201

Upgrade jquery-ui to 1.13.1 in UI2


Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • yarn-ui-v2
    • None

    Description

      YARN-11092 updated the jquery-ui in the common package, but the UI2 still uses the older version 1.12.1.

      https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-31126/Jquery-Jquery-Ui.html

      • CVE-2021-41184
      • CVE-2021-41183
      • CVE-2021-41182

      https://github.com/apache/hadoop/blob/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/src/main/webapp/bower.json#L14

          "jquery-ui": "1.12.1",
      

      Unfortunately, UI2 uses the shims repo, which is not maintained (https://github.com/components/jqueryui/issues/70), so if possible we should move to the main jquery repo: https://github.com/jquery/jquery-ui.


          People

            Unassigned
            tdomok Tamas Domok
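
A manifest check for the condition this issue reports, as an added example that is not code from the Hadoop project: it flags a `jquery-ui` entry in a `bower.json` whose version is below the 1.13.1 target from the issue title, and an explicit source pointing at the `components/jqueryui` shim repo. The function names and the sample manifest are constructed for illustration.

```javascript
// Added example: audit a bower.json for an outdated or shim-sourced jquery-ui.
const MIN_VERSION = "1.13.1";            // upgrade target from the issue title
const SHIM_REPO = "components/jqueryui"; // unmaintained shim repo named in the issue

// Constructed sample that mirrors the line quoted from UI2's bower.json.
const SAMPLE_BOWER = JSON.stringify({
  name: "sample-ui", // constructed
  dependencies: { "jquery-ui": "1.12.1", "other-lib": "2.0.0" },
});

// Split a bower dependency value ("1.12.1", "~1.12.1", "owner/repo#1.12.1")
// into an optional explicit source and a numeric version triple.
function parseSpec(spec) {
  const hash = spec.lastIndexOf("#");
  const source = hash >= 0 ? spec.slice(0, hash) : null;
  const raw = hash >= 0 ? spec.slice(hash + 1) : spec;
  const m = /^[~^=v]*(\d+)\.(\d+)\.(\d+)/.exec(raw.trim());
  return { source, version: m ? m.slice(1, 4).map(Number) : null };
}

// True when version triple a sorts strictly before b.
function isOlder(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Return findings for pkg; for ~ and ^ ranges the lower bound is compared.
function auditBower(jsonText, pkg = "jquery-ui") {
  const manifest = JSON.parse(jsonText);
  const min = MIN_VERSION.split(".").map(Number);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "resolutions"]) {
    const spec = (manifest[section] || {})[pkg];
    if (typeof spec !== "string") continue;
    const { source, version } = parseSpec(spec);
    if (version === null) {
      findings.push(`${section}: "${spec}" is not a plain version; review manually`);
    } else if (isOlder(version, min)) {
      findings.push(`${section}: ${pkg} ${version.join(".")} is older than ${MIN_VERSION}`);
    }
    if (source && source.includes(SHIM_REPO)) {
      findings.push(`${section}: ${pkg} is fetched from ${SHIM_REPO}`);
    }
  }
  return findings;
}

console.log(auditBower(SAMPLE_BOWER));
```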
