Replies: 1 comment 1 reply
-
There are currently no plans to ever do that, as the effort would be inconceivably gigantic for very little gain. After all, it's mostly a CSS - framework and CSS frameworks don't have security issues. Yes, it includes a bunch of JS, only very little of which we use, and we are not aware of security issues relevant to the usage in pretix. If your pentest process cannot account for that, I'm sorry 😔 I think we'll most likely over time migrate to something self-made that builds up on bootstrap3 but modernizes individual aspects at some point. |
Beta Was this translation helpful? Give feedback.
1 reply
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Are there any plans on updating the Bootstrap version?
The currently used version (v3.x.x) has reached the end-of-life a long time ago.
https://endoflife.date/bootstrap
If pretix will be used in environments that require pentesting (for me that is the case), this will cause the test to fail as there are no more critical/security updates.
Beta Was this translation helpful? Give feedback.
All reactions