Bootstrapp@3.3.7 is vulnerable to XSS - Fix is in Bootstrap@3.4.0
narfk opened this issue · 7 comments
Bootstrapp@3.3.7 is vulnerable to XSS (https://snyk.io/vuln/npm:bootstrap?lh@3.3.7)
Fixes are available in Bootstrap 3.4.0 or higher.
Please update bootstrap-sass
Bootstrap 3.4.0 has not been released yet. This gem will be updated once it's released upstream. You can use branch next
at this commit in the meantime: 7ac94c9
👍
@glebm any updates on 3.4.0 update for this gem?
3.4.0 still hasn't been released upstream
@glebm There are updates in the bootstrap 3.4.0-dev branch. Will they be synced automatically in the next branch of bootstrap-sass?
@don-spyker They are in the next
branch now along with sass -> sassc migration and other minor changes.
Closing this issue as there is nothing to do here until 3.4.0 has been released upstream.