Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump Bootstrap version, per CVE-2018-14040 (orchestrator/vtorc) #7824

Merged
merged 1 commit into from
Apr 12, 2021
Merged

Bump Bootstrap version, per CVE-2018-14040 (orchestrator/vtorc) #7824

merged 1 commit into from
Apr 12, 2021

Conversation

shlomi-noach
Copy link
Contributor

Description

Bump Bootstrap to version v3.4.1 to fix https://nvd.nist.gov/vuln/detail/CVE-2018-14040

Applies to vtorc, which is still in EXPERIMENTAL state.

Related Issue(s)

Checklist

  • Should this PR be backported?
  • Tests were added or are not required
  • Documentation was added or is not required

Deployment Notes

Impacted Areas in Vitess

Components that this PR will affect:

  • Query Serving
  • VReplication
  • Cluster Management
  • Build/CI
  • VTAdmin

@shlomi-noach
Bump Boostrap version to v3.4.1
469acb8 
Signed-off-by: Shlomi Noach <2607934+shlomi-noach@users.noreply.github.com>
deepthi
deepthi approved these changes Apr 12, 2021
View reviewed changes
Copy link
Member

@deepthi deepthi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I won't pretend I understand the change 😄
Rubberstamping.

@shlomi-noach
Copy link
Contributor Author

I won't pretend I understand the change smile

It's just replacing the js+css files with a more recent version (trusting whatever bootstrap.js officially release), and updating a CSS file to avoid breaking a line 😂 🤷

@shlomi-noach shlomi-noach merged commit cdaa28a into vitessio:master Apr 12, 2021
@shlomi-noach shlomi-noach deleted the bootstrap-bump-cve-2018-14040 branch April 12, 2021 17:53
@askdba askdba added this to the v11.0 milestone Apr 13, 2021
@askdba askdba added the Type: Enhancement Logical improvement (somewhere between a bug and feature) label Apr 23, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@deepthi deepthi deepthi approved these changes

Assignees
No one assigned
Labels
Component: Cluster management Type: Enhancement Logical improvement (somewhere between a bug and feature)
Projects
None yet
Milestone
v11.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@shlomi-noach @deepthi @askdba