We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 28c5e02 commit e2c7911Copy full SHA for e2c7911
NEWS
@@ -5,13 +5,17 @@ version 0.8.3 (6-June-2014):
5
Users could construct a name that would allow for injecting
6
JavaScript in the page. That name is now properly escaped.
7
8
+ This is CVE-2014-3995.
9
+
10
* Fixed a XSS issue in json_dumps.
11
12
JSON payloads constructed based on user input and then injected into
13
a page could result in custom JavaScript being injected into the
14
page. Additional escaping is now performed to ensure this does not
15
happen.
16
17
+ This is CVE-2014-3994 (discovered by "uchida", bug #3406).
18
19
20
version 0.8.2 (2-June-2014):
21
* Packaging:
0 commit comments