Skip to content

Release version 1.7.4
Compare
Choose a tag to compare
@davewichers davewichers released this 06 Oct 23:23
· 146 commits to main since this release
v1.7.4
45c78f1
This commit was signed with the committer’s verified signature.
davewichers Dave Wichers
GPG key ID: 8852CBF93768CB2E
Learn about vigilant mode.

This release addresses the vulnerability documented in CVE-2023-43643. AntiSamy versions prior to v1.7.4 are subject to mutation XSS (mXSS) vulnerability when preserving comments. - https://www.cvedetails.com/cve/CVE-2023-43643.

In addition, a number of libraries and plugins were upgraded, including one with a known vulnerability. Specifically, AntiSamy 1.7.4 upgraded to batik-css v1.17 because batik-css:1.16 is subject to https://www.cvedetails.com/cve/CVE-2022-44729.

Note: The upgrade in the HTML parser may alter outputs compared to 1.7.3 and before. This may impact in regression tests that involve AntiSamy if they are too strict when comparing a resulting output with the expected one.

Assets 2
Loading