Skip to content
  • benni's avatar
    [SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components · d80a3ad2
    benni authored and Oliver Hader's avatar Oliver Hader committed
    Fixes an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal,
    and Tab components.
    
    Executed tasks:
      cd Build
      yarn add bootstrap-sass@^3.4.0 --dev
      yarn exec grunt
    
    Then copying the contents of Build/node_modules/bootstrap-sass/assets/javascripts/bootstrap.min.js
    into typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js
    additionally adding the AMD factory wrapper.
    
    Resolves: #86580
    Releases: master, 9.5, 8.7
    Security-Commit: f456e3c185b23c51d08a579ceef1082df473b01b
    Security-Bulletin: TYPO3-CORE-SA-2019-006
    Change-Id: I235a4b5f6865afd9283cd1e692b25d3a572513ba
    Reviewed-on: https://review.typo3.org/59538
    
    
    Reviewed-by: default avatarOliver Hader <oliver.hader@typo3.org>
    Tested-by: default avatarOliver Hader <oliver.hader@typo3.org>
    d80a3ad2
This project manages its dependencies using Yarn. Learn more