Bootstrapp@3.3.7 is vulnerable to XSS - Fix is in Bootstrap@3.4.0

[narfk]

Bootstrapp@3.3.7 is vulnerable to XSS (https://snyk.io/vuln/npm:bootstrap?lh@3.3.7) Fixes are available in Bootstrap 3.4.0 or higher.

Please update bootstrap-sass

[glebm]

Bootstrap 3.4.0 has not been released yet. This gem will be updated once it's released upstream. You can use branch next at this commit in the meantime: https://github.com/twbs/bootstrap-sass/commit/7ac94c96ef4e0007c7ad3cb73b57e1219b3529bd

[narfk]

👍

[samgranger]

@glebm any updates on 3.4.0 update for this gem?

[glebm]

3.4.0 still hasn't been released upstream

[votw]

@glebm : Any idea on release timelines for this fix?

[don-spyker]

@glebm There are updates in the bootstrap 3.4.0-dev branch. Will they be synced automatically in the next branch of bootstrap-sass?

[glebm]

@don-spyker They are in the next branch now along with sass -> sassc migration and other minor changes.

Closing this issue as there is nothing to do here until 3.4.0 has been released upstream.