3.7.55.2 - fixed an XSS vulnerability

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Release Notes for Craft CMS 3.x
 
+## 3.7.55.2 - 2022-09-22
+
+### Security
+- Fixed an XSS vulnerability.
+
 ## 3.7.55.1 - 2022-09-21
 
 ### Fixed

composer.json

@@ -1,7 +1,7 @@
 {
   "name": "craftcms/cms",
   "description": "Craft CMS",
-  "version": "3.7.55.1",
+  "version": "3.7.55.2",
   "keywords": [
     "cms",
     "craftcms",

src/base/Element.php

@@ -4086,7 +4086,10 @@ public function getMetadata(): array
                 }
                 /** @var RevisionBehavior $behavior */
                 $behavior = $revision->getBehavior('revision');
-                return $behavior->revisionNotes ?: false;
+                if ($behavior->revisionNotes === null || $behavior->revisionNotes === '') {
+                    return false;
+                }
+                return Html::encode($behavior->revisionNotes);
             },
         ]);
     }

src/config/app.php

@@ -3,7 +3,7 @@
 return [
     'id' => 'CraftCMS',
     'name' => 'Craft CMS',
-    'version' => '3.7.55.1',
+    'version' => '3.7.55.2',
     'schemaVersion' => '3.7.33',
     'minVersionRequired' => '2.6.2788',
     'basePath' => dirname(__DIR__), // Defines the @app alias