Visit Bootstrap NES Home Page
Bootstrap NES 3.4.x Release Notes
Comprehensive release notes and changelog for Bootstrap NES 3.4.x, including security patches, bug fixes, and feature updates across all supported versions.
3 Patched Vulnerabilities
VEX Statements
3.4.8 (NES) - June 26, 2025
Notes
- This release updates the version naming scheme (i.e. to
3.4.1-bootstrap-3.4.8). There are no functional changes in this release. - Full Version:
3.4.1-bootstrap-3.4.8
Bug Fixes
- None
3.4.7 (NES) - February 21, 2025
Notes
- This release fixes a syntax error that could affect Bootstrap assets when bundled with other files. It also introduces additional security enhancements.
Bug Fixes
- Helper: Fix syntax error
- Add a trailing semicolon to
js/helpers.jsImmediately Invoked Function Expression (IIFE) statement. This prevents syntax errors with legacy bundlers that use simple concatenation.
- Add a trailing semicolon to
- Tooltip:
- Improve handling of unsanitized HTML to ensure consistent application of proper sanitization.
- This fixes a medium severity Cross-Site Scripting (XSS) vulnerability (CVE-2025-1647).
- Improve handling of unsanitized HTML to ensure consistent application of proper sanitization.
- Popover:
- Improve handling of unsanitized HTML to ensure consistent application of proper sanitization.
- This fixes a medium severity XSS vulnerability (CVE-2025-1647).
- Improve handling of unsanitized HTML to ensure consistent application of proper sanitization.
3.4.6 (NES) - January 28, 2025
Notes
- This release updates version numbers in static file headers.
Bug Fixes
- Build: Internal version text updates
- Update version text in several
.less,.css, and.jsassets to match HeroDevs NES versions and help security scanners detect the correct Bootstrap NES version number.
- Update version text in several
3.4.5 (NES) - June 21, 2024
Notes
- This release enhances the handling of attribute data used in the
Carouselcomponent.
Note
We strongly recommend that you add and use the DOMPurify library to get the proper improvements and protection for the Bootstrap NES 3.4.5 packages.
Bug Fixes
- Carousel: Improve selector extraction from carousel navigation href attributes.
3.4.4 (NES) - June 18,2024
Notes
- This release enhances the handling of attribute data used in several Bootstrap NES components.
Note
We strongly recommend that you add and use the DOMPurify library to get the proper improvements and protection for the Bootstrap NES 3.4.5 packages.
Bug Fixes
- Alert:
- Improve URL/hash extraction logic for
hrefattribute.
- Improve URL/hash extraction logic for
- Button:
- Improve handling of button state data passed through
hrefand anydata-*-textincludingdata-complete-textanddata-reset-text.- This fixes a medium severity XSS vulnerability (CVE-2024-6485).
- Improve handling of button state data passed through
- Carousel:
- Improve selector extraction from
Carouselnavigationhrefattributes. - Improve URL/hash extraction logic for
hrefattribute.
- Improve selector extraction from
- Dropdown:
- Improve URL/hash extraction logic for
hrefattribute.
- Improve URL/hash extraction logic for
- Tab:
- Improve URL/hash extraction logic for
hrefattribute.
- Improve URL/hash extraction logic for
3.4.3 (NES) - February 16, 2024
Notes
- This release fixes an issue from Bootstrap NES v3.4.2 where the minified scripts contained non-relative paths.
Bug Fixes
- Build: Fix URL paths in minified CSS to be relative to current file instead of
dist/.
3.4.2 (NES) - February 1, 2024
Notes
- This is the initial release of Bootstrap NES 3.4.x. This release contains no functional changes from Bootstrap 3.4.1.