Bootstrapp@3.3.7 is vulnerable to XSS - Fix is in Bootstrap@3.4.0

Question

Bootstrapp@3.3.7 is vulnerable to XSS - Fix is in Bootstrap@3.4.0

narfk opened this issue 6 years ago · 7 comments

Bootstrapp@3.3.7 is vulnerable to XSS (https://snyk.io/vuln/npm:bootstrap?lh@3.3.7)
Fixes are available in Bootstrap 3.4.0 or higher.

Please update bootstrap-sass

narfk commented 6 years ago

👍

Answer 1 · 2018-04-17T23:01:32.000Z

Bootstrap 3.4.0 has not been released yet. This gem will be updated once it's released upstream. You can use branch next at this commit in the meantime: 7ac94c9

Answer 2 · 2018-08-08T12:49:58.000Z

@glebm any updates on 3.4.0 update for this gem?

Answer 3 · 2018-08-08T14:11:11.000Z

3.4.0 still hasn't been released upstream

Answer 4 · 2018-08-13T17:47:01.000Z

@glebm : Any idea on release timelines for this fix?

Answer 5 · 2018-08-17T07:46:54.000Z

@glebm There are updates in the bootstrap 3.4.0-dev branch. Will they be synced automatically in the next branch of bootstrap-sass?

Answer 6 · 2018-08-21T22:11:15.000Z

@don-spyker They are in the next branch now along with sass -> sassc migration and other minor changes.

Closing this issue as there is nothing to do here until 3.4.0 has been released upstream.