v32.5.2 (Security Release)

tdruez released this 14 Aug 08:07

· 268 commits to main since this release

Security

This release addresses the security issue detailed below. We encourage all users of ScanCode.io to upgrade as soon as possible.

GHSA-6xcx-gx7r-rccj: Reflected Cross-Site Scripting (XSS) in license endpoint
The license_details_view function was subject to cross-site scripting (XSS)
attack due to inadequate validation and sanitization of the key parameter.
The license views were migrated class-based views are the inputs are now properly
sanitized.
Credit to @0xmpij for reporting the vulnerability.

What's Changed

Add JavaScript colocation mapping step in d2d pipeline by @keshav-space in #803
Migrate license views to CBV and main UI #847 by @tdruez in #849
Remove the subprocess need in the scan_package pipeline #798 by @tdruez in #855
Security checks #850 by @tdruez in #851

Full Changelog: v32.5.1...v32.5.2

Contributors

tdruez, keshav-space, and 0xmpij

Assets 2