DEV Community

Bruno Bossola

Time to update Bootstrap and jQuery!

Bootstrap
Bootstrap v4.3.1 and v3.4.1 are out and available to patch an XSS vulnerability, CVE-2019-8331. For users of the legacy 3.3.7, this also fixes three other XSS issues, namely CVE-2018-14040, CVE-2018-14041 and CVE-2018-14042. Bootstrap now includes a JavaScript sanitizer that only allows whitelisted HTML elements in the data attribute of an element.

It's available through all the channels: as an npm package, via CDNs and, for old-fashioned guys, also as a direct download from GitHub.

jQuery
Also, please do not forget jQuery! Versions prior to 3.4.0 are susceptible to a prototype pollution attack (see CVE-2019-11358): even if the attack is quite complicated, it's advisable to upgrade any web app that uses jQuery code for its frontend.

You can find it as an npm package or via CDNs.
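
To see which projects still need these upgrades, the check below compares installed versions against the fixed releases named above. It is an added example, not part of the original post: the `audit` function, its status labels and the sample dependency map are constructed for illustration, and pre-release tags are ignored.

```javascript
// Added example. Fixed versions and CVE ids come from the post; the rest is constructed.
// One rule per release line (the post adds that 3.3.7 users also get three 2018 XSS fixes).
const FIXED = new Map([
  ['bootstrap', [
    { major: 3, fixed: [3, 4, 1], cve: 'CVE-2019-8331' },
    { major: 4, fixed: [4, 3, 1], cve: 'CVE-2019-8331' },
  ]],
  ['jquery', [{ major: null, fixed: [3, 4, 0], cve: 'CVE-2019-11358' }]], // null = all release lines
]);

// "3.3.7" or "v3.3.7" -> [3, 3, 7]; null when no x.y.z is found. Pre-release tags are ignored.
function parseVersion(raw) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(raw).trim());
  return m ? m.slice(1, 4).map(Number) : null;
}

// -1, 0 or 1, comparing major, then minor, then patch.
function compare(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

// installed: { packageName: resolvedVersion }, e.g. collected from package-lock.json.
function audit(installed) {
  const findings = [];
  for (const [name, raw] of Object.entries(installed)) {
    const rules = FIXED.get(name.toLowerCase());
    if (!rules) continue; // package not discussed in the post
    const v = parseVersion(raw);
    if (!v) { findings.push({ name, version: raw, status: 'unparsed' }); continue; }
    const rule = rules.find((r) => r.major === null || r.major === v[0]);
    if (!rule) { findings.push({ name, version: raw, status: 'not-covered' }); continue; }
    const old = compare(v, rule.fixed) < 0;
    findings.push({ name, version: raw, cve: rule.cve,
      status: old ? 'upgrade' : 'ok', upgradeTo: old ? rule.fixed.join('.') : null });
  }
  return findings;
}

// Constructed sample input.
const SAMPLE = { bootstrap: '3.3.7', jquery: '3.3.1', lodash: '4.17.11' };
for (const f of audit(SAMPLE)) {
  console.log(`${f.name} ${f.version}: ${f.status}` + (f.upgradeTo ? ` -> ${f.upgradeTo} (${f.cve})` : ''));
}
```

A `not-covered` result means the installed release line is one the post gives no fixed version for, so it needs a manual look rather than being read as safe.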

Conclusions?
You do not have any excuses now: upgrade now!
