Hi
I have a question about bootstrap vulnerabilities.
In bootstrap versions below 4.1.2, these 3 vulnerabilities have been found:
We are using Kibana as part of our solution and when digging into the files we saw that Kibana contains references to bootstrap version 3.1.1. (e.g. link rel="stylesheet" href="https://netdna.bootstrapcdn.com/bootstrap/3.1.1/css/bootstrap.css ").
However when checking the source files in the browser (when running the project) we can't find bootstrap.css or bootstrap.min.css.
I saw on an older thread that you are migrating the bootstrap code to one of your own:
Hello there!
We are using the ELK stack at work for a bigger project and recently we come across creating some custom plugins. However, I'm not sure what version of bootstrap is embedded into Kibana. I'm trying to use some components and styles and sometimes they work, sometime not. Among the installed modules for the plugin, I have "angular-ui-bootstrap": "2.5.6" . Right now I am using the 6.2.3 release, but I can switch if needed (preferably I'd like to use Bootstrap v4).
Thanks!
My question is - is Kibana affected by those 3 vulnerabilities? We are a bit confused as to whether or not Kibana uses the relevant code of bootstrap.
Thanks
Hello, what version of Kibana are you checking? I've looked at the newest release and couldn't find any reference to bootstrap.
Hi Marta,
It looks like all the bootstrap.css references are in this directory:
one example is:
Hi,
Thanks
system
April 25, 2022, 6:52am
6
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.