View Issue Details

ID: 0026160
Project: mantisbt
Category: security
View Status: public
Last Update: 2019-09-27 02:35
Reporter: hanno
Assigned To: dregad
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2.22.0
Target Version: 2.22.1
Fixed in Version: 2.22.1
Summary: 0026160: Update bundled Bootstrap to 3.4.1 (CVE-2019-8331)
Description

Bootstrap 3.4.1 fixes an XSS issue (CVE-2019-8331).
I have not analyzed if this is actually exploitable within mantis, but I think in any case it'd be good to sync to the latest version.

Release notes from Bootstrap:
https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/

Tags: No tags attached.

Relationships

related to 0024672 (closed, atrol): Fix Bootstrap security issues (CVE-2018-14040, CVE-2018-14041, CVE-2018-14042)

Activities

dregad

2019-09-20 10:25

developer   ~0062866

Thanks for the heads up. Will take care of it.

dregad

2019-09-20 11:11

developer   ~0062867

PR https://github.com/mantisbt/mantisbt/pull/1566

dregad

2019-09-27 02:35

developer   ~0062921

Related Changesets

MantisBT: master 1e2a3018

2019-09-20 07:00

dregad


Update Bootstrap to 3.4.1

Original css files were modified to remove the # on the source map file.
This prevents warnings in the browser console.

Fixes 0026160, CVE-2019-8331
Affected Issues
0026160
mod - core/constant_inc.php
rm - js/bootstrap-3.4.0.min.js
add - js/bootstrap-3.4.1.min.js