Skip to content

Release version 1.7.5
Compare
Choose a tag to compare
@davewichers davewichers released this 02 Feb 15:45
· 137 commits to main since this release
v1.7.5
12a2e31
This commit was signed with the committer’s verified signature.
davewichers Dave Wichers
GPG key ID: 8852CBF93768CB2E
Learn about vigilant mode.

This release addresses the vulnerability documented in GHSA-2mrq-w8pv-5pvq. AntiSamy versions prior to v1.7.5 are subject to mutation XSS (mXSS) vulnerability when preserving comments. - https://www.cvedetails.com/cve/CVE-2024-23635.

In addition, a number of libraries and plugins were upgraded.

Note: The upgrade in the HTML parser may alter outputs compared to 1.7.4 and before. This may impact regression tests that involve AntiSamy if they are too strict when comparing a resulting output with the expected one.

Assets 2
Loading