Symptom
SAP Recruiting Career Site currently uses Bootstrap 3.4.1, the most recent release of version 3 of the framework. Bootstrap has introduced two major framework revisions since version 3: versions 4 and 5.
The purpose of this document is to provide information and perspectives on the continued use of the Bootstrap version 3 responsive web framework in the SuccessFactors Recruiting Career Site Module, namely:
- Is there a security issue?
- Is there a need for operational homogenization?
- Is there a functional gap in the current technology?
For more context, below is a high-level architecture diagram, indicating where the Bootstrap library is in use within the Candidate Experience
Environment
SAP SuccessFactors Recruiting Marketing
Resolution
The continued use of Bootstrap 3 should not be interpreted as a failure of SAP to maintain technology libraries, or a lack of investment in this product area. There are several critical technology upgrade projects currently underway in the Career Site product. The decision to prioritize a technology upgrade is driven by multiple considerations.
Making the correct decisions is critical to ensuring sufficient engineering capacity is reserved to improve product functionality. Bootstrap makes significant framework revisions in its major release versions. Major release versions are not backwards compatible with previous major versions. Introducing a new major version requires reviewing and possibly reimplementing every UI component available on the Career Site.
Additionally, customers will need to review any custom components which they have developed. These custom components will require adjustments or reimplementation.
With those points in consideration, preparations to upgrade to the latest version are underway. Our technical team is working on an interim solution to mitigate any issue with the current version of that library.
This article will be updated as the situation evolves, and customers are invited to add it as a favorite and check on it regularly.
Keywords
vulnerability, security, library, Cross-Site Scripting (XSS), KBA, LOD-SF-RMK-SEC, Security & Vulnerabilities, LOD-SF-RMK-PSI, Security, Problem