Comment 4 for bug 1820226

Thanks Mathieu for your review!

For consideration of bootstrap4 I opened:
- https://gitlab.com/mailman/postorius/issues/350
- https://gitlab.com/mailman/hyperkitty/issues/229
But that won't be short term tasks.

Therefore I'm subscribing and assigning the security to review bootstrap3.

Note: the one known open CVE is at least backported and existing in 3.4.1.
That is already in Debian and can be synced next cycle.
So @Security please review 3.4.1 as in Debian for this MIR.