Commit d80a3ad2 authored by Benni Mack's avatar Benni Mack Committed by Oliver Hader
Browse files

[SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components

Fixes an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal,
and Tab components.

Executed tasks:
  cd Build
  yarn add bootstrap-sass@^3.4.0 --dev
  yarn exec grunt

Then copying the contents of Build/node_modules/bootstrap-sass/assets/javascripts/bootstrap.min.js
into typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js
additionally adding the AMD factory wrapper.

Resolves: #86580
Releases: master, 9.5, 8.7
Security-Commit: f456e3c185b23c51d08a579ceef1082df473b01b
Security-Bulletin: TYPO3-CORE-SA-2019-006
Change-Id: I235a4b5f6865afd9283cd1e692b25d3a572513ba

Reviewed-by: Oliver Hader's avatarOliver Hader <>
Tested-by: Oliver Hader's avatarOliver Hader <>
parent 18e154ec
......@@ -25,7 +25,7 @@
"@typo3/icons": "1.8.0",
"autoprefixer": "^6.3.7",
"autosize": "^3.0.21",
"bootstrap-sass": "^3.3.7",
"bootstrap-sass": "^3.4.0",
"bootstrap-slider": "^9.7.3",
"chosen-js": "^1.7.0",
"ckeditor": "^4.11.1",
......@@ -694,10 +694,10 @@ boom@5.x.x:
hoek "4.x.x"
version "3.3.7"
resolved ""
integrity sha1-ZZbHq0D2Y3OTMjqwvIDQZPxjBJg=
version "3.4.0"
resolved ""
integrity sha512-qdUyw4KmNNPSIdBadn+eyuuQFH0LsZlRCs6tor1zN8sQas7mnY5JNfemauraOdNPiFQd2gFeeo3gZjZZCuohZg==
version "9.10.0"
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment