0026160: Update bundled Bootstrap to 3.4.1 (CVE-2019-8331)

ID	Project	Category	View Status	Date Submitted	Last Update
0026160	mantisbt	security	public	2019-09-19 17:15	2019-09-27 02:35

Reporter	hanno	Assigned To	dregad
Priority	normal	Severity	minor	Reproducibility	have not tried
Status	closed	Resolution	fixed
Product Version	2.22.0
Target Version	2.22.1	Fixed in Version	2.22.1

Summary	0026160: Update bundled Bootstrap to 3.4.1 (CVE-2019-8331)
Description	Bootstrap 3.4.1 fixes an XSS issue (CVE-2019-8331). I have not analyzed if this is actually exploitable within mantis, but I think in any case it'd be good to sync to the latest version. Release notes from Bootstrap: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
Tags	No tags attached.

dregad 2019-09-20 10:25 developer ~0062866	Thanks for the heads up. Will take care of it.

dregad 2019-09-20 11:11 developer ~0062867	PR https://github.com/mantisbt/mantisbt/pull/1566

dregad 2019-09-27 02:35 developer ~0062921

MantisBT: master 1e2a3018 2019-09-20 07:00 dregad Details Diff	Update Bootstrap to 3.4.1 Original css files were modified to remove the # on the source map file. This prevents warnings in the browser console. Fixes 0026160, CVE-2019-8331	Affected Issues 0026160
	mod - core/constant_inc.php	Diff File
	rm - js/bootstrap-3.4.0.min.js	Diff
	add - js/bootstrap-3.4.1.min.js	Diff File