./www/ruby-rails-html-sanitizer, HTML sanitizer for Rails applications



Branch: pkgsrc-2022Q4, Version: 1.4.4, Package name: ruby31-rails-html-sanitizer-1.4.4, Maintainer: minskim

HTML sanitization for Rails applications.


Master sites:

Filesize: 18 KB



CVS history:


   2023-01-15 20:57:02 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6722 - requested by taca
www/ruby-rails-html-sanitizer: security fix

Revisions pulled up:
- www/ruby-rails-html-sanitizer/Makefile                        1.6
- www/ruby-rails-html-sanitizer/distinfo                        1.8

---
   Module Name:	pkgsrc
   Committed By:	taca
   Date:		Tue Jan  3 15:19:14 UTC 2023

   Modified Files:
   	pkgsrc/www/ruby-rails-html-sanitizer: Makefile distinfo

   Log message:
   www/ruby-rails-html-sanitizer: update to 1.4.4

   1.4.4 (2022-12-13)

   * Address inefficient regular expression complexity with certain
     configurations of Rails::Html::Sanitizer.

     Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for more information.

     Mike Dalessio

   * Address improper sanitization of data URIs.

     Fixes CVE-2022-23518 and #135. See GHSA-mcvf-2q2m-x72m for more information.

     Mike Dalessio

   * Address possible XSS vulnerability with certain configurations of
     Rails::Html::Sanitizer.

     Fixes CVE-2022-23520. See GHSA-rrfc-7g8p-99q8 for more information.

     Mike Dalessio

   * Address possible XSS vulnerability with certain configurations of
     Rails::Html::Sanitizer.

     Fixes CVE-2022-23519. See GHSA-9h9g-93gc-623h for more information.

     Mike Dalessio