·
74 commits
to main
since this release
12a2e31
This commit was signed with the committer’s verified signature.
davewichers
Dave Wichers
This release addresses the vulnerability documented in GHSA-2mrq-w8pv-5pvq. AntiSamy versions prior to v1.7.5 are subject to mutation XSS (mXSS) vulnerability when preserving comments. - https://www.cvedetails.com/cve/CVE-2024-23635.
In addition, a number of libraries and plugins were upgraded.
Note: The upgrade in the HTML parser may alter outputs compared to 1.7.4 and before. This may impact regression tests that involve AntiSamy if they are too strict when comparing a resulting output with the expected one.