SAP Knowledge Base Article - Public

3491316 - Outdated Bootstrap.js library - Recruiting Marketing


SAP Recruiting Career Site is currently utilizing Bootstrap 3.4.1, this is the most recent version of framework 3. Bootstrap has introduced two major framework revisions since 3, versions 4 and 5. 

The purpose of this document is to provide information and perspectives on the continued use of the Bootstrap version 3 responsive web framework in the SuccessFactors Recruiting Career Site Module, namely :

  • Is there a security issue?
  • Is there a need for operational homogenization?
  • Is there a functional gap in the current technology?

 For more context, below is a high-level architecture diagram, indicating where the Bootstrap library is in use within the Candidate Experience 


SAP SuccessFactors Recruiting Marketing


The continued use of Bootstrap 3 should not be interpreted as a failure of SAP to maintain technology libraries, or a lack of investment in this product area. There are several critical technology upgrade projects currently underway in the Career Site product. The decision to prioritize a technology upgrade is driven by multiple considerations. Making the correct decisions is critical to ensuring sufficient engineering capacity is reserved to improve product functionality.


  • Backwards compatibility
    • Bootstrap makes significant framework revisions in their major release versions. Major release versions are not backwards compatible with previous major versions. Introducing a new major version requires reviewing and possibly reimplementing every UI component available on the Career Site.
    • Additionally, customers will need to review any custom components which they have developed. These custom components will require adjustments or reimplementation.
  • Functionality:  Bootstrap 3 is currently meeting our product need to provide a responsive web experience.
  • Security: SAP Security experts have reviewed the open-source library and the current Career Site implementation of this library and found no security gaps. All open-source libraries are subject to full security reviews with every major release. If a security gap with Bootstrap 3 surfaces in the future, it will be detected. Here are some examples of external security evaluations:   

Note the approach, effort, and timelines for a major Bootstrap version upgrade are currently being evaluated by SAP Engineering.


vulnerability, security, library , KBA , LOD-SF-RMK-SEC , Security & Vulnerabilities , LOD-SF-RMK-PSI , Security , Problem


SAP SuccessFactors Recruiting all versions