View Issue Details
| Field | Value |
|---|---|
| ID | 0035126 |
| Project | mantisbt |
| Category | security |
| View Status | public |
| Date Submitted | 2024-12-13 07:46 |
| Last Update | 2024-12-14 08:52 |
| Reporter | jacek.florczyk |
| Assigned To | |
| Priority | normal |
| Severity | major |
| Reproducibility | N/A |
| Status | acknowledged |
| Resolution | open |
| Product Version | 2.27.0 |
| Summary | 0035126: Upgrade Bootstrap to a supported version to fix security vulnerabilities |
| Description | We've run some security scans on the latest MantisBT installation, and the report is showing some security issues related to the old libraries used in the code that are introducing vulnerabilities. I've attached a screenshot with part of the report. There are 2 libraries to be updated: Bootstrap 3.4.1 and jQuery 2.2.4. Would it be possible to update the mentioned libraries? Thanks |
| Additional Information | Vulnerability mentioned in the original report's screenshot: |
| Tags | No tags attached. |
| Attached Files | |
| Relationships | duplicate of 0026357 (acknowledged): Vulnerability from library JQuery 2.2.4 |
Hello and thanks for the report @jacek.florczyk. With regards to jQuery, we are aware that it is vulnerable, but unfortunately upgrading is not as simple as it may sound. Please see 0026357. The Bootstrap issue is new to me, but we are basically facing the same issue, i.e. Bootstrap 3.x has reached end-of-life and is not receiving any security fixes anymore, and upgrading to 4.x is a big undertaking that we are not able to take on right now. I will change this issue's description to track the Bootstrap upgrade.
I think as a first step it would be wise to update the table in the README.md to specify the dependencies of the libraries on each other, especially jQuery. Some libraries have a newer version that already removed this dependency.