Skip to content

Release v3.3.1
Compare
Choose a tag to compare
@lfdebrux lfdebrux released this 11 Apr 09:39
· 33 commits to main since this release
v3.3.1
f670bf5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Fix

This change solves a potential security issue with HTML snippets. Pages indexed in search results have their entire contents indexed, including any HTML code snippets. These HTML snippets would appear in the search results unsanitised, making it possible to render arbitrary HTML or run arbitrary scripts.

You can see more detail about this issue at #323: Fix XSS vulnerability on search results page

Assets 2
Loading