DEV Community

Bruno Bossola
Bruno Bossola

Posted on

2 1

Time to update Bootstrap and JQuery!

#opensource #javascript #vulnerabilities #cybersecurity

Bootstrap
Bootstrap v4.3.1 and v3.4.1 are out and available to patch an XSS vulnerability, CVE-2019-8331. For any users of the legacy 3.3.7, this will fix also other three XSS issues, namely CVE-2018-14040CVE-2018-14041 and CVE-2018-14042. Bootstrap now include a JavaScript sanitizer that will only allow whitelisted HTML elements in the data attribute of an element.

It's available through all the channels: as NPM package, via CDNs and for old fashioned guys also as a direct download from Github.

JQuery
Also, please do not forget JQuery! Versions prior to 3.4.0 are susceptible to prototype pollution attack (see CVE-2019-11358): even if the attack is quite complicated, it's advisable to upgrade any web app that uses jQuery code for its frontend.

You can find it as NPM package or via CDNs

Conclusions?
You do not have any excuses now: upgrade now!

profile
Tiugo Technologies
 Promoted

Tiugo image

Modular, Fast, and Built for Developers

CKEditor 5 gives you full control over your editing experience. A modular architecture means you get high performance, fewer re-renders and a setup that scales with your needs.

Start now

Top comments (0)

profile
Neon
 Promoted

Neon image

Next.js applications: Set up a Neon project in seconds

If you're starting a new project, Neon has got your databases covered. No credit cards. No trials. No getting in your way.

Get started →

👋 Kindness is contagious

Explore a trove of insights in this engaging article, celebrated within our welcoming DEV Community. Developers from every background are invited to join and enhance our shared wisdom.

A genuine "thank you" can truly uplift someone’s day. Feel free to express your gratitude in the comments below!

On DEV, our collective exchange of knowledge lightens the road ahead and strengthens our community bonds. Found something valuable here? A small thank you to the author can make a big difference.

Okay