v2.3.1
v2.3.1 — Security & stability patch
Update recommended for all users.
Security
- Fixed an XSS vulnerability in the Bubble Card YAML viewer: imported YAML containing HTML markup could execute script inside the Home Assistant panel. YAML content is now HTML-escaped before syntax highlighting.
Fixes
- Restored
triggers_updatesupport for button-card (list of entities that force a card update) — now properly typed, editable, generated, and imported - Removed leftover UI controls for invalid button-card options (
hold_time,trigger_entity) that could not produce valid YAML - Imported
conditionsoperators are now validated against the supported operator set - Removed stale
__pycache__files from the repository