Hello, everyone –
I have begun getting alerts from my university’s information security department because ArchivesSpace is failing their web vulnerability tests because it uses an unsupported (v4) version of the Bootstrap library. Are there any plans to either upgrade to Bootstrap 5 or move away from Bootstrap in the default ArchivesSpace theme?
thanks,
Demian
Thanks for your willingness to share, Kevin. If there are contrast or other accessibility issues in the project by default, it would certainly be nice to address them, even if the solution to that is something more limited than a full Bootstrap upgrade!
In our case, though, the alert is not related to accessibility but rather to security – we have a general policy against using JavaScript libraries past end of life, since that introduces the risk that a security vulnerability (like, for example, an XSS issue) could be discovered and have no quick or easy solution due to abandonment of the code.
Of course, I realize that the theoretical harms that could come from a vulnerability in Bootstrap are relatively limited in scope, and I don’t think the world is going to end if we don’t get this addressed right away – but one way or another, reliance on BS4 is a piece of technical debt that will have to be addressed sooner or later.
I confess that at this point, I have a pretty shallow familiarity with the codebase, because so far the software has mostly “just worked” for our use cases. I can make no promises at this point, but if there is interest in performing this upgrade but no resources to do so, I could check whether any of my team members have the bandwidth and experience to help with the process. I imagine we’d get farther faster if somebody more familiar with the project would be willing to collaborate with us, though.
- Demian
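As an added example (not code from this thread or from the ArchivesSpace project), here is a small check of the kind a site operator could run against a theme's HTML or vendored dist files to confirm what a scanner like the one above is flagging: it extracts the Bootstrap version from asset paths or from the banner comment at the top of Bootstrap's dist files, and reports any major below 5 as unsupported. The sample inputs are constructed, and the "majors below 5 are unsupported" rule is taken from the thread, not from a maintained end-of-life table.

```python
import re
from typing import Optional

# Two places a Bootstrap version usually surfaces:
#  - an asset path such as .../bootstrap/4.6.2/js/bootstrap.min.js
#  - the banner Bootstrap's dist files start with: "/*!\n * Bootstrap v4.6.2 (...)"
# Caveat: the path rule will also pick up plugins whose path contains "bootstrap"
# (e.g. a datepicker), so confirm a hit against the dist banner where possible.
ASSET_RE = re.compile(
    r'(?:src|href)=["\'][^"\']*bootstrap[^"\']*?(\d+)\.(\d+)\.(\d+)[^"\']*["\']', re.I)
BANNER_RE = re.compile(r'/\*!\s*\*?\s*Bootstrap v(\d+)\.(\d+)\.(\d+)', re.I)

# Assumption taken from the thread: anything below Bootstrap 5 is past end of life.
OLDEST_SUPPORTED_MAJOR = 5

# Constructed sample inputs (not real ArchivesSpace files).
SAMPLE_HTML = ('<link rel="stylesheet" '
               'href="/assets/bootstrap/4.6.2/css/bootstrap.min.css">\n'
               '<script src="/assets/app.js"></script>')
SAMPLE_DIST = "/*!\n  * Bootstrap v5.3.0 (https://getbootstrap.com/)\n  */\n"
SAMPLE_NONE = '<script src="/assets/app.js"></script>'


def find_bootstrap_version(text: str) -> Optional[tuple]:
    """Return (major, minor, patch) for the first Bootstrap version found, else None."""
    match = BANNER_RE.search(text) or ASSET_RE.search(text)
    return tuple(int(n) for n in match.groups()) if match else None


def is_unsupported(version: tuple) -> bool:
    """True when the major version is below the oldest supported one."""
    return version[0] < OLDEST_SUPPORTED_MAJOR


def audit(text: str) -> dict:
    """Summarise what a scanner would report for one HTML page or dist file."""
    version = find_bootstrap_version(text)
    if version is None:
        return {"found": False}
    return {"found": True,
            "version": ".".join(map(str, version)),
            "unsupported": is_unsupported(version)}


if __name__ == "__main__":
    for label, text in [("html", SAMPLE_HTML), ("dist", SAMPLE_DIST), ("none", SAMPLE_NONE)]:
        print(label, audit(text))
```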