Skip to content

Release version 1.6.0
Compare
Choose a tag to compare
@davewichers davewichers released this 05 Mar 16:28
v1.6.0
3f446c5
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release includes a few minor bug fixes and all available upgrades to the libraries and plugins used by the project, including a few upgrades that eliminate known CVEs in those libraries.

The one major change in this release is that AntiSamy XSD schema validation is now enabled by default starting with AntiSamy 1.6.0.

While working on some improvements to AntiSamy's XML Schema Definition (XSD) for AntiSamy policy files, we noticed that AntiSamy was NOT actually enforcing the XSD. So, we've CHANGED the default behavior starting with AntiSamy 1.6.0 to enforce the schema, and not continue if the AntiSamy policy is invalid. However ... we recognize that it might not be possible for developers to fix their AntiSamy policies right away if they are non-compliant, and yet still want to upgrade AntiSamy to pick up any security improvements, feature enhancements, and bug fixes. As such, we've provided two ways to (temporarily!) disable schema validation.

Please read the section "### NOTE: Schema validation behavior change starting with AntiSamy 1.6.0" in the README for details on how to (temporarily) disable schema validation for AntiSamy if your project needs to do so.

Assets 2
Loading