Update loofah due to CVE-2018-16468 #1394

Merged
merged 1 commit into from Nov 5, 2018

lmcglohon
Contributor

Description

In the Loofah gem for Ruby, through version 2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. Users are advised to upgrade to version 2.2.3.

Related JIRA Ticket or GitHub Issue

Motivation and Context

In response to a GitHub alert

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@lmcglohon lmcglohon merged commit 23efbbb into master Nov 5, 2018
@lmcglohon lmcglohon added this to the 2.5.2 milestone Nov 5, 2018
@lmcglohon lmcglohon deleted the update-loofah branch November 5, 2018 21:04
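
To confirm that a bundle actually resolves to the fixed release named in the description, the following check reads a Gemfile.lock and compares the resolved loofah version against 2.2.3. It is an added example, not code from this pull request or the project; the helper names and the sample lockfile are constructed for illustration.

```ruby
require "rubygems" # provides Gem::Version

# First loofah release with the fix, per the PR description above.
FIXED_LOOFAH = Gem::Version.new("2.2.3")

# Return the resolved loofah version from Gemfile.lock text, or nil if absent.
# Resolved gems sit at exactly four spaces of indent under "specs:"; the
# six-space lines below each gem are dependency constraints, not versions.
def resolved_loofah_version(lockfile_text)
  in_specs = false
  lockfile_text.each_line do |line|
    if line =~ /\A  specs:\s*\z/
      in_specs = true
    elsif line =~ /\A\S/ # a new top-level section (GEM, PLATFORMS, ...)
      in_specs = false
    elsif in_specs && (m = line.match(/\A {4}loofah \(([^)\s]+)\)\s*\z/))
      return Gem::Version.new(m[1])
    end
  end
  nil
end

# :absent, :vulnerable (through 2.2.2) or :fixed (2.2.3 and later)
def loofah_status(lockfile_text)
  version = resolved_loofah_version(lockfile_text)
  return :absent if version.nil?
  version < FIXED_LOOFAH ? :vulnerable : :fixed
end

# Constructed sample: loofah pulled in transitively, still on 2.2.2.
SAMPLE_LOCK = <<~LOCK
GEM
  remote: https://rubygems.org/
  specs:
    crass (1.0.4)
    loofah (2.2.2)
      crass (~> 1.0.2)
      nokogiri (>= 1.5.9)
    rails-html-sanitizer (1.0.4)
      loofah (~> 2.2, >= 2.2.2)

PLATFORMS
  ruby
LOCK

# Pass a Gemfile.lock path as the first argument; falls back to the sample.
path = ARGV[0]
text = path && File.file?(path) ? File.read(path) : SAMPLE_LOCK
puts "loofah: #{loofah_status(text)}"
```

A constraint such as `>= 2.2.2` on a dependent gem is still satisfied by the vulnerable release, which is why the check reads the resolved version rather than the constraint lines.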