Commit d80a3ad2 authored by Benni Mack's avatar Benni Mack Committed by Oliver Hader
Browse files

[SECURITY] Raise bootstrap 3.4.0 to fix XSS in JS components

Fixes an XSS issue in Alert, Carousel, Collapse, Dropdown, Modal,
and Tab components.

Executed tasks:
  cd Build
  yarn add bootstrap-sass@^3.4.0 --dev
  yarn exec grunt

Then copying the contents of Build/node_modules/bootstrap-sass/assets/javascripts/bootstrap.min.js
into typo3/sysext/core/Resources/Public/JavaScript/Contrib/bootstrap/bootstrap.js
additionally adding the AMD factory wrapper.

Resolves: #86580
Releases: master, 9.5, 8.7
Security-Commit: f456e3c185b23c51d08a579ceef1082df473b01b
Security-Bulletin: TYPO3-CORE-SA-2019-006
Change-Id: I235a4b5f6865afd9283cd1e692b25d3a572513ba
Reviewed-on: https://review.typo3.org/59538


Reviewed-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader's avatarOliver Hader <oliver.hader@typo3.org>
parent 18e154ec
......@@ -25,7 +25,7 @@
"@typo3/icons": "1.8.0",
"autoprefixer": "^6.3.7",
"autosize": "^3.0.21",
"bootstrap-sass": "^3.3.7",
"bootstrap-sass": "^3.4.0",
"bootstrap-slider": "^9.7.3",
"chosen-js": "^1.7.0",
"ckeditor": "^4.11.1",
......
......@@ -694,10 +694,10 @@ boom@5.x.x:
dependencies:
hoek "4.x.x"
bootstrap-sass@^3.3.7:
version "3.3.7"
resolved "https://registry.yarnpkg.com/bootstrap-sass/-/bootstrap-sass-3.3.7.tgz#6596c7ab40f6637393323ab0bc80d064fc630498"
integrity sha1-ZZbHq0D2Y3OTMjqwvIDQZPxjBJg=
bootstrap-sass@^3.4.0:
version "3.4.0"
resolved "https://registry.yarnpkg.com/bootstrap-sass/-/bootstrap-sass-3.4.0.tgz#b1c330a56782347f626d31d497fa4aea16b3f99b"
integrity sha512-qdUyw4KmNNPSIdBadn+eyuuQFH0LsZlRCs6tor1zN8sQas7mnY5JNfemauraOdNPiFQd2gFeeo3gZjZZCuohZg==
bootstrap-slider@^9.7.3:
version "9.10.0"
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment