openanalytics
Update Bootstrap off version 3.X
The version of Bootstrap used is 3.4.1. This is end-of-life (EOL). It won't be receiving any more updates. It may be prudent to update to a newer version of Bootstrap as some CVEs may start to show up.
Hi
We are aware of this issue, however, since ShinyProxy allows to adapt the templates, this would mean users have to update their custom templates as well. This is not really a problem, but we would like to combine this with a better system for customizing ShinyProxy. For example, splitting the templates into smaller fragments, such that it it's easier to change small things. We don't want users to have to rewrite their templates with every updated, therefore we've postponed updating bootstrap.
Nevertheless, in the last release of ShinyProxy, we created a custom build of bootstrap, that strips out any part of boostrap ShinyProxy doesn't need. Luckily ShinyProxy does not use any part that has a known CVE, so the version of bootstrap we're using is safe.
See these source files:
- https://github.com/openanalytics/containerproxy/blob/master/src/main/resources/static/css/bootstrap.css
- https://github.com/openanalytics/containerproxy/blob/master/src/main/resources/static/js/bootstrap.js
