v3.4 release #25679

Closed
rpkilby opened this Issue Feb 21, 2018 · 63 comments

rpkilby commented Feb 21, 2018

Hi all, opening this to track a possible v3.4 final release. It would be great to have this, as the v3.4-dev branch includes #23687, which fixed a few XSS vulnerabilities.

There are also a few remaining v3 issues, but it's not clear to me how critical they are.

Member

mdo commented Feb 21, 2018

I'd like folks to weigh in here for anything else urgent for a v3.x release. We have the v3.4.0-dev branch that was cut a while ago with a few more changes. I have this snippet from an old blog post draft summarizing some of the changes I was planning for that release:

> We haven't forgotten about Bootstrap 3, and today we're shipping a quality of life update for the project. This minor release brings the docs up to speed with v4 and adds a few small features. We've promised all along our road to v4 that we'd ship a v3 update after v4 was in a better place, and we've hit just that with our recent beta progress.
>
> New in Bootstrap 3.4 is an option to remove grid gutters, new system fonts, an improved build system, and reorganized documentation complete with DocSearch support for easier navigation.

I might need to roll back system fonts from that (older browsers and OSes had issues with it I think), but dunno about everything else yet. Getting docsearch in there would be hella rad, too.

distinctgrey commented Feb 27, 2018

My 2 cents:

  • release v3.3.9 with the XSS vulnerabilities fixes asap (a lot of projects are still using v3, every one of them currently has this security flaw)
  • release 3.4 with the remaining changes once someone finds more time :-)

In my case, that would enable us to switch from a private v3.3.8 fork with the XSS patch applied to the official package.

innabauman commented Apr 5, 2018

What is the timeline for the v3.4 release?

Thorry84 commented Apr 12, 2018

Would also like to know. The XSS issue needs to be fixed; upgrading to 4.x isn't always a viable option.

innabauman commented Apr 12, 2018

@Thorry84 there is a release branch for 3.4

LawrieR commented Apr 16, 2018

@innabauman I can only see a 3.3.7 tag or a 3.4-dev branch. Did the release branch get pulled?

innabauman commented Apr 16, 2018

There is a PR: #26212

Member

mdo commented Apr 17, 2018

Shipping an old release is a rather tedious and manual process. I'll try to block out some time to get this out the door soon.

kohenkatz commented May 7, 2018

@mdo Any updates? Our security auditor wants to know when we will get #23687.

jawwadfarooq commented May 11, 2018

Any updates on when a new version of v3.x will be released with the fix for the XSS vulnerability?

rykon commented May 21, 2018

A fix for this known vulnerability and a date to expect the release would be appreciated.

vuhp commented Jun 7, 2018

Any updates, @mdo? When will the fix for the XSS vulnerability be released?

490386Ayan commented Jun 23, 2018

Hi @distinctgrey,

How will we be able to apply the XSS patch to Bootstrap 3.3.7?

Thanks in advance,
Ayan Pramanik

490386Ayan commented Jun 28, 2018

Any updates, @mdo? When will the fix for the XSS vulnerability be released?

490386Ayan commented Jun 28, 2018

Any updates, @mdo? Kindly provide the Bootstrap team's communication mail ID so I can drop a mail to them, since J&J is facing this issue too much. Thanks in advance.

490386Ayan commented Jun 28, 2018

We need urgent help regarding Bootstrap. I am from the Johnson and Johnson team, and we are using Bootstrap 3.3.6 for our project. Our project is very big, but since 3.3.6 has a security issue, the security team does not allow us to release, and upgrading to 4.0 is a big task. Do you have any idea if we have an alternative way?

innabauman commented Jun 28, 2018

Hi Ayan,
We had a similar issue, and while upgrading to Bootstrap 4 we created a private fork off Bootstrap 3.3.6 and included a fix from the 3.4 branch.

490386Ayan commented Jun 28, 2018

Hi Inna,

Thank you for your reply. Can you help us with how to include a fix from the 3.4 branch? Thanks in advance.

Contributor

coliff commented Jun 28, 2018

Hi @490386Ayan - you can replace your Bootstrap minified JS with this one:
https://raw.githubusercontent.com/twbs/bootstrap/v3.4.0-dev/dist/js/bootstrap.min.js

Also you mentioned before you were using Bootstrap 3.3.6 - this version is incompatible with jQuery 3. If you were using Bootstrap 3.3.6 with jQuery 1.x then you would be exposed to other potential security issues. If you're upgrading to avoid security issues then you should also upgrade to jQuery 3.3.1.

innabauman commented Jun 28, 2018

Sure, give me your email address and I’ll contact you. We also upgraded jQuery for the same reason.

490386Ayan commented Jun 28, 2018

@coliff

Thank you very much. Is the Bootstrap 3.4 you shared compatible with jQuery 3 and above?

Contributor

coliff commented Jun 28, 2018

Bootstrap 3.3.7 was released in July 2016 and that release added support for jQuery 3 (and fixes a few other issues)
Blog post: http://blog.getbootstrap.com/2016/07/25/bootstrap-3-3-7-released/
Release Notes: https://github.com/twbs/bootstrap/releases/tag/v3.3.7

490386Ayan commented Jun 28, 2018

@coliff, we know that Bootstrap 3.3.7 works with jQuery 3 and above, but it has a security issue. You shared a Bootstrap version, "https://raw.githubusercontent.com/twbs/bootstrap/v3.4.0-dev/dist/js/bootstrap.min.js"; will it work with jQuery 3.0 or above?

490386Ayan commented Jun 28, 2018

@coliff, we have already updated the jQuery version to jQuery 3.3.1, and we observed that it is not working with Bootstrap 3.3.6. We see that Bootstrap 3.3.7 works with jQuery 3, but Bootstrap 3.3.7 has security issues.

490386Ayan commented Jun 28, 2018

@coliff, the version you provided works with jQuery 3.0 and above; I have just checked it. Could you kindly confirm whether it has any security issue like Bootstrap 3.3.7? I am awaiting a reply from you. Thanks in advance.

XhmikosR referenced this issue Sep 25, 2018: Release v3.4.0 #27288 (Merged, 19 of 19 tasks complete)

Member

XhmikosR commented Sep 25, 2018

#27288 is almost ready. Sorry for the delay, everyone, we'll try to be more organized from now on.

XhmikosR added has-pr and removed awaiting reply labels Sep 25, 2018

subinmathewit commented Sep 26, 2018

@XhmikosR Is the release globally available?

Member

XhmikosR commented Sep 26, 2018

The PR isn't merged yet, we'll get to it hopefully soon. I'm still making a few more tweaks.

waliurrahman-pki commented Sep 26, 2018

@XhmikosR any tentative date when it would be available on "npm"?

Member

XhmikosR commented Sep 26, 2018

No, sorry. It depends on a few other things.

khadzic commented Oct 5, 2018

Where is the 3.4 branch, I can no longer find it?

pedros007 commented Oct 6, 2018

@khadzic according to this #20184 (comment) it's in the master branch.

hetfield2k72 commented Oct 8, 2018

@XhmikosR Any idea when we might have the 3.4 release available via Package Manager using VS?

Thanks
Chris

Member

XhmikosR commented Oct 8, 2018

It doesn't depend purely on me. So please, guys, I understand your position, trust me, that is why I decided to spend the time to get this out :) That being said, please don't ask us every day. You will get notified when the release is out.

twbs deleted a comment from hetfield2k72 Oct 9, 2018

ToreOlavKristiansen commented Oct 29, 2018

I hate to ask, but please share an update. It looks like our best bet is to upgrade to v4 to get this fixed in a timely fashion.

Member

XhmikosR commented Oct 29, 2018

No news, yet, sorry. You can always use the master or the master-xmr-v3-fixes branch in the meantime. I don't expect any important changes to land there anymore before the release.

chrisdunne commented Nov 28, 2018

Any news?

Member

XhmikosR commented Nov 28, 2018

Yeah, probably around December 10, hopefully.

vuhp commented Dec 10, 2018

Hi, will it be released today?

Member

XhmikosR commented Dec 10, 2018

I sure hope so, it's late in the USA so I haven't checked with @mdo yet.

Member

XhmikosR commented Dec 10, 2018

Sorry for postponing this, I honestly hope it's the last time, we will release it on Thursday and then release v4.2.

khadzic commented Dec 13, 2018

> Sorry for postponing this, I honestly hope it's the last time, we will release it on Thursday and then release v4.2.

Still on target for today's release?

Member

XhmikosR commented Dec 13, 2018

Yup, waiting for @mdo and we'll start.

khadzic commented Dec 13, 2018

> Yup, waiting for @mdo and we'll start.

Awesome, looking forward to it!

dale-vanzile commented Dec 13, 2018

Hi, it's been a couple hours since the last question regarding ETA.

Do I have time to grab lunch before this is done?
Will there be an announcement here when it's done?

Thanks 👍 :)

Member

mdo commented Dec 13, 2018

We just merged #27288—release inbound!

mdo closed this Dec 13, 2018
