It doesn't look like the bug you mentioned exists in the horizon/static/horizon/lib/jquery/jquery.bootstrap.wizard.js file, however I do see where the comment block at the top of that file claims "Supports Bootstrap 2.2.x, 2.3.x, 3.0" so I'm trying to better understand whether the nature of your report is that Horizon should upgrade the embedded jquery.bootstrap.wizard.js to a version which supports twitter-bootstrap>=4.3 or if the vulnerability you've found lies within code in the openstack/horizon git repository.
It doesn't look like the bug you mentioned exists in the horizon/ static/ horizon/ lib/jquery/ jquery. bootstrap. wizard. js file, however I do see where the comment block at the top of that file claims "Supports Bootstrap 2.2.x, 2.3.x, 3.0" so I'm trying to better understand whether the nature of your report is that Horizon should upgrade the embedded jquery. bootstrap. wizard. js to a version which supports twitter- bootstrap> =4.3 or if the vulnerability you've found lies within code in the openstack/horizon git repository.