I am trying to:
Assess and remediate a security finding where our security team detected Bootstrap v4.5.3 (End-of-Life) being loaded as part of the Toolset plugin on a WordPress site. The recommendation from the security team is to upgrade to Bootstrap v5.3.8 or a supported version.
Link to a page where the issue can be seen:
Bootstrap 4.5.3 is observed being loaded via browser developer tools / network tab.
I expected to see:
Either:
- Toolset using a maintained version of Bootstrap (e.g. Bootstrap 5.x), or
- Official guidance from Toolset on:
  - Whether Bootstrap 4.5.3 is still required for compatibility
  - Whether there are plans to update or decouple Bootstrap from the plugin
  - Recommended mitigation steps if upgrading Bootstrap is not currently supported
Instead, I got:
Bootstrap v4.5.3, which is End-of-Life and no longer receives upstream security updates. This has been flagged during security scans as a technology obsolescence risk.
*Note: my website plugin is up to date
Hi,
Welcome to Toolset support. Toolset can load Bootstrap files for styling/layout (legacy Views grids, Layouts, Forms). You can turn that loading off if your security scan flags the bundled Bootstrap.
Steps:
- WP Admin → Toolset → Settings → General
- Scroll to Bootstrap loading
- Select not to load Bootstrap (so your theme/site controls it)
- Save and re-test the pages that use Views/Forms.
Thanks.
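The re-test step at the end of the reply is easiest to repeat (and to hand back to the security team as evidence) with a script rather than by eyeballing the network tab. The following is an added example, not code from Toolset or from the original thread: it parses a saved copy of the page source, lists every stylesheet or script whose URL contains "bootstrap", reads the version from the `?ver=` query string WordPress appends to enqueued assets or from the path, and, when the fetched file body is supplied, cross-checks it against the `/*! Bootstrap vX.Y.Z` banner that ships at the top of bootstrap.min.css/js. The plugin paths, CDN host and sample HTML are constructed placeholders, and the rule "anything below 5.x is unsupported" is an assumption taken from the recommendation quoted in the question.

```python
"""Audit which Bootstrap version(s) a rendered WordPress page loads.

Added example (not Toolset's code). Feed it the page HTML (curl/wget it or
save it from the browser) and, optionally, the bodies of the Bootstrap files
so the ?ver= label can be checked against the file's own banner comment.
"""
import re
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Assumption taken from the security team's recommendation on this page:
# Bootstrap 4.x is end-of-life, so anything below major version 5 is flagged.
MIN_SUPPORTED_MAJOR = 5

SEMVER = re.compile(r"(\d+)\.(\d+)\.(\d+)")


class _AssetCollector(HTMLParser):
    """Collect (kind, url) for stylesheet links and external scripts in document order."""

    def __init__(self):
        super().__init__()
        self.assets = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" in (a.get("rel") or "").lower() and a.get("href"):
            self.assets.append(("css", a["href"]))
        elif tag == "script" and a.get("src"):
            self.assets.append(("js", a["src"]))


def parse_version(text):
    """Return (major, minor, patch) for the first x.y.z found in text, else None."""
    m = SEMVER.search(text or "")
    return tuple(int(g) for g in m.groups()) if m else None


def version_from_url(url):
    """Prefer WordPress's ?ver= query; fall back to a version embedded in the path
    (CDN-style /5.3.8/ directories or bootstrap-5.3.8.min.css file names)."""
    p = urlparse(url)
    labelled = parse_qs(p.query).get("ver", [""])[0]
    return parse_version(labelled) or parse_version(p.path)


def banner_version(file_body):
    """Bootstrap's minified CSS/JS opens with '/*! * Bootstrap vX.Y.Z (https://getbootstrap.com/)'."""
    m = re.search(r"Bootstrap v(\d+\.\d+\.\d+)", file_body[:500])
    return parse_version(m.group(1)) if m else None


def is_supported(version):
    return version is not None and version[0] >= MIN_SUPPORTED_MAJOR


def audit_page(html, bodies=None):
    """One finding per Bootstrap asset on the page. The banner version, when the
    file body is available, overrides the ?ver= label, because ?ver= is set by the
    plugin author and may carry the plugin's version rather than the library's."""
    bodies = bodies or {}
    collector = _AssetCollector()
    collector.feed(html)
    findings = []
    for kind, url in collector.assets:
        if not re.search(r"bootstrap", urlparse(url).path, re.I):
            continue
        labelled = version_from_url(url)
        actual = banner_version(bodies[url]) if url in bodies else None
        version = actual or labelled
        findings.append({
            "kind": kind,
            "url": url,
            "version": version,
            "supported": is_supported(version),
            "banner_mismatch": bool(labelled and actual and labelled != actual),
        })
    return findings


# --- Constructed sample data (placeholder hosts and plugin paths, not real Toolset files) ---
OLD_CSS = "https://example.com/wp-content/plugins/example-plugin/lib/bootstrap/css/bootstrap.min.css?ver=4.5.3"
OLD_JS = "https://example.com/wp-content/plugins/example-plugin/lib/bootstrap/js/bootstrap.min.js?ver=4.5.3"
MISLABELED_CSS = "https://example.com/wp-content/plugins/example-plugin/lib/bootstrap/css/bootstrap.min.css?ver=2.1.0"
BANNER_453 = "/*!\n * Bootstrap v4.5.3 (https://getbootstrap.com/)\n */.container{width:100%}"

SAMPLE_HTML_BEFORE = f"""<html><head>
<link rel="stylesheet" id="example-bootstrap-css" href="{OLD_CSS}">
<script src="{OLD_JS}"></script>
<script src="https://example.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""

# After the plugin's loading is switched off and the theme loads Bootstrap 5 itself.
SAMPLE_HTML_AFTER = """<html><head>
<link rel="stylesheet" href="https://cdn.example.net/bootstrap/5.3.8/css/bootstrap.min.css">
<script src="https://example.com/wp-includes/js/jquery/jquery.min.js?ver=3.7.1"></script>
</head><body></body></html>"""

# ?ver= carries a plugin version, so only the banner reveals the real library version.
SAMPLE_HTML_MISLABELED = f'<html><head><link rel="stylesheet" href="{MISLABELED_CSS}"></head></html>'

if __name__ == "__main__":
    for label, html, bodies in [
        ("before", SAMPLE_HTML_BEFORE, {OLD_CSS: BANNER_453}),
        ("after", SAMPLE_HTML_AFTER, None),
        ("mislabeled", SAMPLE_HTML_MISLABELED, {MISLABELED_CSS: BANNER_453}),
    ]:
        for f in audit_page(html, bodies):
            print(label, f["kind"], f["version"], "supported" if f["supported"] else "EOL",
                  "(?ver= label disagrees with banner)" if f["banner_mismatch"] else "")
```

Run it against the page both before and after changing the Toolset setting: the "before" output should show the 4.5.3 CSS and JS, the "after" output should show no Bootstrap assets at all, or only the version your theme loads. The mislabeled case is the one to watch for in real scans, since a `?ver=` value that is not the library version will mislead tools that only read the query string.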