Changelog #39
A few security vulnerabilities have been identified in Bootstrap 3, and we are releasing an update that addresses these issues. The update affects the two main subthemes in our codebase.
If you are a developer or site owner and are using one of the two main subthemes - ucsbweb or ucsbwebsub - this release contains security patches that address the vulnerabilities and can now be tested against your Web Theme site on the Pantheon dashboard.
If you are a developer or site owner and are not using one of the two main subthemes - ucsbweb or ucsbwebsub - further action is needed for proper remediation. To help accomplish this and get all Web Theme sites secured, we have created a new repository in GitHub to both evaluate and remediate all sites.
To check the theme being used on your Web Theme site:
- Log in and go to Admin > Appearance.
- Under 'Installed Themes', check the first theme listed.
- The default theme must be UCSB Web 1.0.0 or UCSB Web Subtheme 1.0.0
If you are a developer or site owner and have created and enabled a custom module on your Web Theme site, your site may also be at risk. Please refer to the GitHub repository link (available through the private UCSB organization account) to read more about custom modules and how to remediate them.
References
GH repository for a more comprehensive breakdown of the security risks