Bootstrap, Version 3.2.0 is Vulnerable In SP Page Builder - Question | JoomShaper

Jacob Hodara

SP Page Builder 2 years ago

Hi, recently I got a notification from the security team that the SP Page Builder Bootstrap lib is outdated and vulnerable. Here is the message:

/components/com_sppagebuilder/assets/js/sppagebuilder.js - The identified library bootstrap, version 3.2.0 is vulnerable. this.close)};i.VERSION="3.2.0",i.prototype.close

Is there any plan to update the Bootstrap lib version in SP Page Builder 3.8.9?

0
26 Answers
Toufiq
Senior Staff 2 years ago #114323

Hi there,

I appreciate you reaching out. I sincerely apologize for this oversight. I will talk with our developer team and let you know the update.

-Thanks

0
Jacob Hodara
2 years ago #114743

Thank you. Please keep me updated on when it will be updated/fixed.

0
Toufiq
Senior Staff 2 years ago #114765

Developer team is checking this issue. Thanks

0
Jacob Hodara
2 years ago #115612

Hi, any updates from the developer team on this?

0
Toufiq
Senior Staff 2 years ago #115616

Please download the 3.8.10 version. Thanks

0
marius van Rijnsoever
2 years ago #133770

Hi

Am getting the same vulnerability report and have Page Builder Pro 5.1.3 installed.

components/com_sppagebuilder/assets/js/sppagebuilder.js "The identified library bootstrap, version 3.2.0 is vulnerable."

Is there any fix for this? Will need to get this fixed asap as my sites need penetration testing accreditation.

Thanks, Marius

0
Toufiq
Senior Staff 2 years ago #133838

I have informed our team. I will get back to you soon. Thanks

0
Toufiq
Senior Staff 2 years ago #134086

When did you get this issue, and where exactly should I check?

0
marius van Rijnsoever
2 years ago #134101

Look in the js script I mentioned and search for 3.2.0. This version of bootstrap is vulnerable: https://security.snyk.io/package/npm/bootstrap/3.2.0

0
Toufiq
Senior Staff 2 years ago #134116

Thanks

0
Paul Frankowski
Senior Staff 2 years ago #134117

@Marius - Thanks for the details, I added that to our Backlog with High priority status.

Probably some old lines left from BT3 .js - that's why.

0
marius van Rijnsoever
1 year ago #136993

Hi Paul

Any updates on this?

Thanks, Marius

0
Paul Frankowski
Senior Staff 1 year ago #136998

We are working to improve that. But it requires time because it's related to the addons used.

And for sure it will be fixed in SPPB 5.1.x update.

0
Vince Murphy
1 year ago #142412

Hi, I'm running SPPB 5.2.4 pro and trying to pass a security audit. It's failing due to this vulnerable library (bootstrap 3.2.0). I'm wondering if there is any update on a fix for this?

Thanks....Vince

0
Paul Frankowski
Senior Staff 1 year ago #142446

Not yet. But if we know which line(s) of code make a major problem, we can fix it sooner.

0
Vince Murphy
1 year ago #142531

Hi Paul, thanks for your quick response. The file involved is: components/com_sppagebuilder/assets/js/sppagebuilder.js

There are several lines which reference version 3.2.0.

Lines: 13 (this is the one reported, but I imagine if this is fixed, the next line with 3.2.0 will fail)
Other lines: 51, 180, 230, 449

Thanks for looking at this.

Cheers...Vince
0
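
An added example, not part of the thread and not JoomShaper's code: a JavaScript check that lists every embedded `VERSION="x.y.z"` stamp in a bundle by line and column, which is the kind of match the quoted scanner message (`i.VERSION="3.2.0"`) points at. The sample bundle, the function names and the `3.4.1` floor are constructed assumptions; take the real floor from your advisory source.

```javascript
// Matches minified (i.VERSION="3.2.0") and readable (Alert.VERSION = '3.2.0') stamps.
const STAMP = /([A-Za-z_$][\w$]*)\.VERSION\s*=\s*(["'])(\d+)\.(\d+)\.(\d+)\2/g;

// Numeric comparison of [major, minor, patch] arrays: negative, zero or positive.
function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] - b[i];
  }
  return 0;
}

// One entry per stamp found in `source`. `floor` is the lowest version the
// caller accepts (an assumption of this example, supplied by the caller).
function findVersionStamps(source, floor) {
  const floorParts = floor.split('.').map(Number);
  const hits = [];
  source.split(/\r?\n/).forEach((text, idx) => {
    for (const m of text.matchAll(STAMP)) {
      const parts = [Number(m[3]), Number(m[4]), Number(m[5])];
      hits.push({
        line: idx + 1,          // 1-based, as an editor shows it
        column: m.index + 1,    // useful when a minified line is very long
        version: parts.join('.'),
        belowFloor: compareVersions(parts, floorParts) < 0,
      });
    }
  });
  return hits;
}

// Constructed sample, not the real sppagebuilder.js.
const SAMPLE_BUNDLE = [
  '/* constructed sample bundle */',
  '+function(t){var i=function(e){t(e).on("click",this.close)};' +
    'i.VERSION="3.2.0",i.prototype.close=function(){}}(jQuery);',
  "var Tab = function (el) {}; Tab.VERSION = '3.4.1';",
  'var label = "VERSION 3.2.0 notes"; // plain text, not a stamp',
].join('\n');

console.log(findVersionStamps(SAMPLE_BUNDLE, '3.4.1'));
```

The check keys on the version stamp alone, so it reports what a stamp-based scanner sees in the file, not whether the code around the stamp has changed.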
Paul Frankowski
Senior Staff 1 year ago #142532

I knew the file, but thanks for lines...

0
Vince Murphy
1 year ago #143552

Hi, I'm wondering if there is any update on a fix for this vulnerable library (bootstrap 3.2.0) issue. I'm trying to pass a security audit and knowing any details on fix schedule would be very helpful. Any info much appreciated.

Cheers...Vince
0
marius van Rijnsoever
1 year ago #143621

It's been 8 months since it was first reported. Your best bet is to manually change the version number to pass the audit while you wait for the developers to update the library to the secure latest version (likely a long time). "bootstrap 3.2.0" was released 10 years ago, so not really a new security issue, but it sounds like developers don't want to update due to backward compatibilities.

0
Toufiq
Senior Staff 1 year ago #143628

Please check this build on your staging site and let me know whether your issue is solved or not.

0
Paul Frankowski
Senior Staff 1 year ago #143627

We already have a version that should fix that problem, but I can share it with @Jacob, because it was his topic.

If somebody else wants to test it as well, please look at the post below.

0
Paul Frankowski
Senior Staff 1 year ago #143631

@Vince, @Marius

or just replace only that file: components/com_sppagebuilder/assets/js/sppagebuilder.js

Download & unzip & FTP upload/override > sppagebuilder.zip

and run the audit test again.

BTW

What tool are you using?

0
Vince Murphy
1 year ago #143740

Thanks Paul. I've downloaded and installed the replacement file. I've sent it off for testing. The testing is being done by: https://www.complade.com/ using a tool they call Maple. Thanks again for your help on this, much appreciated. I'll report back with the results of the testing.

0
Vince Murphy
1 year ago #143746

Hi Paul, Just heard back from the audit team and the news is good. The vulnerability issue has been resolved with the new file. Again, much appreciated.

Cheers...Vince
0
Toufiq
Senior Staff 1 year ago #143760

You are most welcome & Thanks.

0
Paul Frankowski
Senior Staff 1 year ago #143765

In the upcoming update we will include that updated .js file :))

Thanks for testing, sorry that it took so long from our side.

0