Update the 0.8.3 release notes with the CVEs.
chipx86 committed Jun 8, 2014
1 parent 28c5e02 commit e2c7911
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions NEWS
Expand Up @@ -5,13 +5,17 @@ version 0.8.3 (6-June-2014):
Users could construct a name that would allow for injecting
JavaScript in the page. That name is now properly escaped.

This is CVE-2014-3995.

* Fixed a XSS issue in json_dumps.

JSON payloads constructed based on user input and then injected into
a page could result in custom JavaScript being injected into the
page. Additional escaping is now performed to ensure this does not
happen.

This is CVE-2014-3994 (discovered by "uchida", bug #3406).


version 0.8.2 (2-June-2014):
* Packaging:
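Review bot: The two added CVE lines are not consistent with each other: the json_dumps entry reads `This is CVE-2014-3994 (discovered by "uchida", bug #3406).` while the entry above it reads only `This is CVE-2014-3995.` with no reporter or bug reference. If a bug number or reporter exists for CVE-2014-3995, add it in the same parenthetical form so readers can trace both fixes to their reports. Since the context line is already being touched nearby, "Fixed a XSS issue" could also be corrected to "Fixed an XSS issue" in the same commit.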
