Bootstrap Version In SP Pagebuilder 6.2.1
Uwe Geuder
Hello, a penetration test was carried out on our website, and the results show that in SP Page Builder the bootstrap version 3.4.1, which is outdated, is being used. Could you please let me know whether an upgrade to version 5.3.8 or newer is planned and when this will take place?
Could you please briefly confirm that version 3.4.1 used in SP Page Builder does not pose a vulnerability in terms of unauthorized access?
Thanks
Paul Frankowski
Accepted AnswerHi,
we cannot fully confirm that, becuase bootstrap that was used inside SPPB is deeply customized (is not 1:1), there was separate forum topic where @Toufiq and @Atick explained that. In big short, there are only small parts of BT 3.x.
And online testers just search patterns like version number, without thinking like we humans.
Besides, you asked about the same 2 weeks ago.
Uwe Geuder
Accepted AnswerNo I didn´ask the same two weeks ago. My central question is whether you can classify the software as safe: "Could you please briefly confirm that version 3.4.1 used in SP Page Builder does not pose a vulnerability in terms of unauthorized access?"
f you could confirm this for me, your software would be accepted.
Paul Frankowski
Accepted AnswerI have to wait with full confirmation till Friday. Please remind me at the morning that day. We both have the same Time Zone.
But as I know, thru current script attact is not possible.
Uwe Geuder
Accepted AnswerGood morning, you asked me on Wednesday to remind you about making a specific statement on the topic of ‘script attack.’ Thank you for your feedback.
Paddy Wanless
Accepted AnswerHi,
I'm also wondering if there is an update to this question?
Our website(s) have also failed a penetration test due to this issue.
Thanks in advance for any updates,
Paddy