Next | Query returned 3 messages, browsing 1 to 10 | previous

CVS Commit History:


   2023-09-18 19:37:33 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
textproc/ruby-sanitize: update to 6.1.0

6.1.0 (2023-09-14)

Features

* Added the text-decoration-skip-ink and text-decoration-thickness CSS
  properties to the relaxed config.  @martineriksson - #228

   2023-07-09 04:56:28 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
textproc/ruby-sanitize: update to 6.0.2

6.0.2 (2023-07-06)

Bug Fixes

* CVE-2023-36823: Fixed an HTML+CSS sanitization bypass that could allow XSS
  (cross-site scripting). This issue affects Sanitize versions 3.0.0 through
  6.0.1.

  When using Sanitize's relaxed config or a custom config that allows
  <style> elements and one or more CSS at-rules, carefully crafted input
  could be used to sneak arbitrary HTML through Sanitize.

  See the following security advisory for additional details:
  GHSA-f5ww-cq3m-q3g7

  Thanks to @cure53 for finding this issue.

   2022-08-30 17:37:23 by Takahiro Kambe | Files touched by this commit (4)
Log message:
textproc/ruby-sanitize: add package version 6.0.0

It is required for forthcoming redmine50 package.

Sanitize is an allowlist-based HTML and CSS sanitizer.  It removes all HTML
and/or CSS from a string except the elements, attributes, and properties you
choose to allow.
