SAP Knowledge Base Article - Public

3491316 - Outdated Bootstrap.js library - Recruiting Marketing

Symptom

SAP Recruiting Career Site is currently utilizing Bootstrap 3.

The purpose of this document is to provide information and perspectives on the continued use of the Bootstrap version 3 responsive web framework in the SuccessFactors Recruiting Career Site Module, namely:

  • Is there a security issue?
  • Is there a need for operational homogenization?
  • Is there a functional gap in the current technology?

For more context, below is a high-level architecture diagram, indicating where the Bootstrap library is in use within the Candidate Experience.


Environment

SAP SuccessFactors Recruiting Marketing

Resolution

The continued use of Bootstrap 3 should not be interpreted as a failure of SAP to maintain technology libraries, or a lack of investment in this product area. There are several critical technology upgrade projects currently underway in the Career Site product. The decision to prioritize a technology upgrade is driven by multiple considerations.
Making the correct decisions is critical to ensuring sufficient engineering capacity is reserved to improve product functionality. Bootstrap makes significant framework revisions in its major release versions. Major release versions are not backwards compatible with previous major versions. Introducing a new major version requires reviewing and possibly reimplementing every UI component available on the Career Site.

Additionally, customers will need to review any custom components which they have developed. These custom components will require adjustments or reimplementation.

With those points in mind, we are upgrading from Bootstrap 3.4.1 to Bootstrap 3.4.8 NES (Never Ending Support), which brings long-term stability, security patches, and ongoing improvements. This ensures our applications remain secure and future-proof without requiring a disruptive migration.
This version is available in Production with the 2H2025 release.

Keywords

vulnerability, security, library, Cross-Site Scripting (XSS), KBA, LOD-SF-RMK-SEC, Security & Vulnerabilities, LOD-SF-RMK-PSI, Security, Problem

Product

SAP SuccessFactors Recruiting all versions