Skip to content

v2.3.1

Choose a tag to compare

@aspenrt78 aspenrt78 released this 10 Jun 09:54

v2.3.1 — Security & stability patch

Update recommended for all users.

Security

  • Fixed an XSS vulnerability in the Bubble Card YAML viewer: imported YAML containing HTML markup could execute script inside the Home Assistant panel. YAML content is now HTML-escaped before syntax highlighting.

Fixes

  • Restored triggers_update support for button-card (list of entities that force a card update) — now properly typed, editable, generated, and imported
  • Removed leftover UI controls for invalid button-card options (hold_time, trigger_entity) that could not produce valid YAML
  • Imported conditions operators are now validated against the supported operator set
  • Removed stale __pycache__ files from the repository