Bruno Bossola

Time to update Bootstrap and jQuery!

Bootstrap
Bootstrap v4.3.1 and v3.4.1 are out and available to patch an XSS vulnerability, CVE-2019-8331. For users of the legacy 3.3.7, the update also fixes three other XSS issues, namely CVE-2018-14040, CVE-2018-14041 and CVE-2018-14042. Bootstrap now includes a JavaScript sanitizer that only allows whitelisted HTML elements in the data attribute of an element.

It's available through all the channels: as an npm package, via CDNs and, for old-fashioned guys, also as a direct download from GitHub.

jQuery
Also, please do not forget jQuery! Versions prior to 3.4.0 are susceptible to a prototype pollution attack (see CVE-2019-11358): even if the attack is quite complicated, it's advisable to upgrade any web app that uses jQuery code for its frontend.

You can find it as an npm package or via CDNs.
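
One way to check pages against the fixed versions named above, as an added example rather than code from the original post: it scans `src`/`href` URLs for versioned Bootstrap and jQuery references and flags anything older than 3.4.1 / 4.3.1 (Bootstrap) or 3.4.0 (jQuery). The function names, the URL pattern and the sample markup are assumptions made for the illustration.

```javascript
// Fixed releases named in the post; major === null means "all release lines".
const FIXED = [
  { name: "bootstrap", major: 3, fixed: [3, 4, 1] },
  { name: "bootstrap", major: 4, fixed: [4, 3, 1] },
  { name: "jquery", major: null, fixed: [3, 4, 0] },
];

// True when version a (array of three numbers) sorts before version b.
function older(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Scan src/href attribute values for "<library>[-@/]<x.y.z>" and report
// every reference that is older than the fixed release for its line.
function auditHtml(html) {
  const attr = /(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  const lib = /(jquery|bootstrap)[-@\/](\d+)\.(\d+)\.(\d+)/i;
  const findings = [];
  for (const [, url] of html.matchAll(attr)) {
    const m = lib.exec(url);
    if (!m) continue; // no versioned reference (e.g. jquery-ui, unversioned file)
    const name = m[1].toLowerCase();
    const version = m.slice(2, 5).map(Number);
    const rule = FIXED.find(
      (r) => r.name === name && (r.major === null || r.major === version[0])
    );
    if (rule && older(version, rule.fixed)) {
      findings.push({ library: name, found: version.join("."),
                      fixedIn: rule.fixed.join("."), url });
    }
  }
  return findings;
}

// Constructed sample markup; cdn.example is a placeholder host.
const SAMPLE_HTML = `
<link href="https://cdn.example/bootstrap/3.3.7/css/bootstrap.min.css" rel="stylesheet">
<script src="https://cdn.example/jquery-3.3.1.min.js"></script>
<script src="https://cdn.example/npm/bootstrap@4.3.1/dist/js/bootstrap.min.js"></script>
<script src="https://cdn.example/libs/jquery/3.4.0/jquery.min.js"></script>
<script src="/static/jquery-ui-1.12.1.min.js"></script>`;

for (const f of auditHtml(SAMPLE_HTML)) {
  console.log(`${f.library} ${f.found} -> upgrade to ${f.fixedIn} or later (${f.url})`);
}
```

References that carry no version in the URL (bundled or renamed files) are not detected by this scan and need a separate check.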

Conclusions?
You do not have any excuses now: upgrade now!
