Sage 9.0.9 has been released with Bootstrap 4.3.1 support.
A couple days ago Bootstrap 4.3.0 and Sage 9.0.8 were released, but today Bootstrap released 4.3.1 to patch an XSS vulnerability. Bootstrap 4.3.1 also includes a fix to the new responsive font size mixins that were added in 4.3.0.
To resolve the issue, we’ve implemented a new JavaScript sanitizer to only allow whitelisted HTML elements in data attributes. You may modify our sanitization implementation to customize the HTML element whitelist, totally disable the sanitization, or pass your own sanitize function (useful if you use your own library). However, for added protection, there is no way to modify the sanitization via data attributes—you must modify these plugin options via the JavaScript API.
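The rule described above, that sanitizer settings can only come from the JavaScript API and never from data attributes, sketched as an added example that is not code from this post or from Bootstrap's source. The option names `sanitize`, `sanitizeFn` and `whiteList` are Bootstrap 4.3.1's; `resolveConfig`, `isAllowed`, the shortened allow list and the sample inputs are assumptions made for illustration.

```javascript
// Simplified model, constructed for illustration (not Bootstrap's source).
const SANITIZE_OPTIONS = ['sanitize', 'sanitizeFn', 'whiteList'];

const DEFAULTS = {
  html: false,
  sanitize: true,
  sanitizeFn: null,
  whiteList: { b: [], i: [], a: ['href', 'title'] }, // shortened, constructed allow list
};

// dataAttrs: options read from data-* attributes (untrusted if markup can be injected).
// jsOptions: options passed by the page's own script.
function resolveConfig(dataAttrs, jsOptions = {}) {
  const fromMarkup = {};
  const rejected = [];
  for (const [key, value] of Object.entries(dataAttrs)) {
    if (SANITIZE_OPTIONS.includes(key)) {
      rejected.push(key); // markup never gets to change sanitizer settings
    } else {
      fromMarkup[key] = value;
    }
  }
  // Script-supplied options win over markup, which wins over defaults.
  return { config: { ...DEFAULTS, ...fromMarkup, ...jsOptions }, rejected };
}

// Allow-list check over an already parsed element {tag, attrs}.
// Checks tag and attribute names only; attribute values are out of scope here.
function isAllowed(element, whiteList) {
  const tag = element.tag.toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(whiteList, tag)) return false;
  const allowedAttrs = whiteList[tag];
  return Object.keys(element.attrs).every((n) => allowedAttrs.includes(n.toLowerCase()));
}

// Constructed inputs: markup trying to switch sanitization off, and a script
// legitimately extending the allow list through the JavaScript API.
const injected = resolveConfig({ html: true, sanitize: false, whiteList: { script: [] } });
const trusted = resolveConfig({ html: true }, { whiteList: { ...DEFAULTS.whiteList, table: [] } });

console.log(injected.rejected, injected.config.sanitize);
console.log(isAllowed({ tag: 'table', attrs: {} }, trusted.config.whiteList));
```
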
If you happened to already update to 4.3.0 or created a new project with Sage 9.0.8 and Bootstrap, you can make a one-line change to package.json to get the latest version of Bootstrap:
...
"dependencies": {
- "bootstrap": "v4.3.0",
+ "bootstrap": "v4.3.1",
...
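Review bot: the value on the `+` line, "v4.3.1", has no range operator, so this pins one exact Bootstrap version and later 4.3.x patch releases will not be picked up without another manual edit. If that is intended, keep it, and commit the yarn.lock produced by the follow-up yarn run together with this change so every install resolves to the patched release.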
After updating package.json, run yarn to update Bootstrap and then continue working on your theme!