Anvil using vulnerable Bootstrap version?

Hi folks
I was running my Anvil app through https://www.webpagetest.org/ and it got an A for all dimensions except security, for which it got a B. Looking into the reasons for this, and apparently an old/vulnerable Bootstrap version is being used.

More details at this link. I don’t know enough about these things to be sure if it’s a real-world problem, but maybe this is something the team wants to look into?

Cheers
Simon

I can confirm that this vulnerability affects parts of Bootstrap that Anvil does not use, so this vulnerability is not exposed :slight_smile:

Nevertheless, we’ll get that updated.


We ran a test against OWASP. This triggered a medium issue:
Vulnerable JS Library (Bootstrap 3.4.1) which resides in _/static/runtime/js/lib/bootstrap.min.js

Is there an update planned?

Hi @wim.vandebrug,

We do assess Bootstrap vulnerabilities.

A couple of examples:

Neither of which Anvil is affected by.
Note: anvil-extras prior to 3.0.0 was using Bootstrap popovers, so you may wish to upgrade to the latest version of anvil-extras, which no longer uses any Bootstrap components.

If there are any other Bootstrap-related CVEs you want us to look at, let us know.

If you want to remove Bootstrap from your app, that's also possible;
see this post.
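The triage the replies above describe (a scanner flags the bundled Bootstrap version; what matters is whether the app actually invokes the affected component, here popovers) as an added example that is not part of this thread or of Anvil's code. The sample bundle header and page fragments are constructed, and the fixed-in version threshold is a placeholder to be taken from the advisory being assessed.

```python
import re

# Constructed sample inputs (not the Anvil app's real files): the header comment
# Bootstrap's minified bundle starts with, and two app page fragments.
BOOTSTRAP_JS = ("/*!\n * Bootstrap v3.4.1 (https://getbootstrap.com/)\n */\n"
                "if(typeof jQuery==='undefined')throw new Error('Bootstrap requires jQuery');")
PAGE_PLAIN = '<div class="container"><button class="btn btn-primary">Save</button></div>'
PAGE_POPOVER = ('<a data-toggle="popover" title="Help" data-content="Click for help">?</a>'
                '<script>$(function(){ $("[data-toggle=popover]").popover(); });</script>')

VERSION_RE = re.compile(r"Bootstrap v(\d+)\.(\d+)\.(\d+)")
# Components the thread discusses: popovers (tooltips share the same Bootstrap code
# path). A hit means the app actually invokes the component an advisory concerns.
COMPONENT_PATTERNS = {
    "popover": re.compile(r'data-toggle\s*=\s*["\']popover["\']|\.popover\s*\('),
    "tooltip": re.compile(r'data-toggle\s*=\s*["\']tooltip["\']|\.tooltip\s*\('),
}


def bootstrap_version(js_source):
    """Return (major, minor, patch) parsed from the bundle header, or None."""
    m = VERSION_RE.search(js_source)
    return tuple(int(x) for x in m.groups()) if m else None


def used_components(html):
    """Names of advisory-relevant components the page markup/script actually uses."""
    return sorted(name for name, pat in COMPONENT_PATTERNS.items() if pat.search(html))


def triage(js_source, html, fixed_in, affected=("popover", "tooltip")):
    """Classify a scanner hit against an advisory fixed in version `fixed_in`.

    'patched'     bundle is at or above the fixed version
    'exposed'     older bundle and the page uses an affected component
    'not-exposed' older bundle, but no affected component is used (still upgrade)
    'unknown'     no version string found; inspect the bundle manually
    """
    version = bootstrap_version(js_source)
    if version is None:
        return "unknown"
    if version >= tuple(fixed_in):
        return "patched"
    return "exposed" if set(used_components(html)) & set(affected) else "not-exposed"


if __name__ == "__main__":
    # Placeholder threshold: take the real fixed version from the advisory you assess.
    for name, page in (("plain", PAGE_PLAIN), ("popover", PAGE_POPOVER)):
        print(name, triage(BOOTSTRAP_JS, page, fixed_in=(9, 9, 9)))
```

Run it against the served bootstrap.min.js and the rendered HTML of each page; a "not-exposed" result still warrants scheduling the upgrade, as the reply above does.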