pkgsrc.se | The NetBSD package collection

./www/ruby-loofah, HTML sanitizer for Rails applications

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2018Q3, Version: 2.2.3, Package name: ruby24-loofah-2.2.3, Maintainer: minskim

Loofah is a general library for manipulating and transforming HTML/XML
documents and fragments. It's built on top of Nokogiri and libxml2, so
it's fast and has a nice API. Loofah excels at HTML sanitization (XSS
prevention). It includes some nice HTML sanitizers, which are based on
HTML5lib's whitelist, so it most likely won't make your codes less
secure.

Required to run:
[lang/ruby24-base] [textproc/ruby-nokogiri] [www/ruby-crass]

Required to build:
[pkgtools/cwrappers]

Master sites:

https://rubygems.org/gems/ (Download)

SHA1: b907029ec05b39a8f239a83c443e5cf94baecfad
RMD160: 7da4488ecc2a3c341a3716e0286e556b20bde270
Filesize: 64 KB

Version history: (Expand)

(2018-11-06) Updated to version: ruby24-loofah-2.2.3
(2018-10-22) Package added to pkgsrc.se, version ruby24-loofah-2.2.2 (created)

CVS history: (Expand)

2018-11-04 21:02:38 by S.P.Zeidler | Files touched by this commit (3) | Package updated

Log message:
Pullup ticket #5874 - requested by taca
www/ruby-loofah: security update

Revisions pulled up:
- www/ruby-loofah/Makefile                                      1.5
- www/ruby-loofah/PLIST                                         1.4
- www/ruby-loofah/distinfo                                      1.5

-------------------------------------------------------------------
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Thu Nov  1 16:11:45 UTC 2018

   Modified Files:
   	pkgsrc/www/ruby-loofah: Makefile PLIST distinfo

   Log message:
   www/ruby-loofah: update to 2.2.3

   ## 2.2.3 / 2018-10-30

   ### Security

   Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output \ 
when a crafted SVG element is republished.

   This CVE's public notice is at https://github.com/flavorjones/loofah/issues/154

   ## Meta / 2018-10-27

   The mailing list is now on Google Groups \ 
[#146](https://github.com/flavorjones/loofah/issues/146):

   * Mail: loofah-talk@googlegroups.com
   * Archive: https://groups.google.com/forum/#!forum/loofah-talk

   This change was made because librelist no longer appears to be maintained.

   To generate a diff of this commit:
   cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/ruby-loofah/Makefile \
       pkgsrc/www/ruby-loofah/distinfo
   cvs rdiff -u -r1.3 -r1.4 pkgsrc/www/ruby-loofah/PLIST