v16.4.2
16.4.2 (August 1, 2018)
React DOM Server
-
Fix a potential XSS vulnerability when the attacker controls an attribute name (
CVE-2018-6341). This fix is available in the latest[email protected], as well as in previous affected minor versions:[email protected],[email protected],[email protected], and[email protected]. (@gaearon in #13302) -
Fix a crash in the server renderer when an attribute is called
hasOwnProperty. This fix is only available in[email protected]. (@gaearon in #13303)