  1. Hadoop YARN
  2. YARN-11201

Upgrade jquery-ui to 1.13.1 in UI2


Details

    • Bug
    • Status: Open
    • Major
    • Resolution: Unresolved
    • None
    • None
    • yarn-ui-v2
    • None

    Description

      YARN-11092 updated the jquery-ui in the common package, but the UI2 still uses the older version 1.12.1.

      https://www.cvedetails.com/vulnerability-list/vendor_id-6538/product_id-31126/Jquery-Jquery-Ui.html

      • CVE-2021-41184
      • CVE-2021-41183
      • CVE-2021-41182

      https://github.com/apache/hadoop/blob/trunk/hadoop-yarn-project/hadoop-yarn/hadoop-yarn-ui/src/main/webapp/bower.json#L14

          "jquery-ui": "1.12.1",
      

      Unfortunately, UI2 uses the shims repo, which is not maintained (https://github.com/components/jqueryui/issues/70), so if possible we should move to the main jquery repo: https://github.com/jquery/jquery-ui.
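A build-time guard for the pin described in this issue, as an added example that is not part of the issue or of the Hadoop code base: it parses a bower.json and reports every section where a package is pinned below a minimum version. The function names and the sample manifest are assumptions made for illustration; the minimum 1.13.1 is the target named in the issue title.

```javascript
// Added example (not Hadoop code): flag a bower.json that pins a package
// below a minimum version. MIN_VERSION is the target from the issue title.
const MIN_VERSION = "1.13.1";

// Parse "1.12.1", "~1.12.1", "^1.12.1", "v1.12.1" or "owner/repo#1.12.1" into
// [major, minor, patch]. A range prefix is ignored, so a range is judged by its
// lower bound. Returns null for anything else (URLs, "*", branch names).
function parsePin(spec) {
  const text = String(spec);
  const tag = text.includes("#") ? text.split("#").pop() : text;
  const m = /^[~^=v]*(\d+)\.(\d+)\.(\d+)$/.exec(tag.trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// Negative if a < b, zero if equal, positive if a > b.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// Returns one finding per manifest section in which pkg appears.
function checkBowerPin(bowerJsonText, pkg, minVersion) {
  const manifest = JSON.parse(bowerJsonText);
  const min = parsePin(minVersion);
  const findings = [];
  for (const section of ["dependencies", "devDependencies", "resolutions"]) {
    const spec = (manifest[section] || {})[pkg];
    if (spec === undefined) continue;
    const pinned = parsePin(spec);
    const status = pinned === null ? "unparseable" // needs a manual look
      : compareVersions(pinned, min) < 0 ? "outdated" : "ok";
    findings.push({ section, spec, status });
  }
  return findings;
}

// Constructed sample manifest; only the "jquery-ui": "1.12.1" line is from the issue.
const SAMPLE_BOWER_JSON = `{
  "name": "example-ui",
  "dependencies": { "jquery-ui": "1.12.1", "other-lib": "2.0.0" },
  "resolutions": { "jquery-ui": "jquery/jquery-ui#1.13.1" }
}`;

for (const f of checkBowerPin(SAMPLE_BOWER_JSON, "jquery-ui", MIN_VERSION)) {
  console.log(`${f.section}: jquery-ui ${f.spec} -> ${f.status}`);
}
```

In CI, a non-empty list of `outdated` or `unparseable` findings would fail the build, so a stale pin in one module is caught even after another module has been upgraded.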


            People

              Assignee: Unassigned
              Reporter: Tamas Domok (tdomok)
              Votes: 0
              Watchers: 3
