Navigation:
Browse pkgsrc
(this page) 2019-10-23 13:33:38 by Benny Siegert | Files touched by this commit (3) |  |
Log message: Pullup ticket #6074 - requested by taca www/ruby-loofah: seucurity fix Revisions pulled up: - www/ruby-loofah/Makefile 1.6 - www/ruby-loofah/PLIST 1.5 - www/ruby-loofah/distinfo 1.6 --- Module Name: pkgsrc Committed By: taca Date: Tue Oct 22 16:24:20 UTC 2019 Modified Files: pkgsrc/www/ruby-loofah: Makefile PLIST distinfo Log message: www/ruby-loofah: update to 2.3.1 ## 2.3.1 / 2019-10-22 ### Security Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output \ when a crafted SVG element is republished. This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171 ## 2.3.0 / unreleased ### Features * Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147] * Expand set of allowed CSS functions. [related to #122] * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!) * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!) * Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!) * Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!) ### Bug fixes * CSS hex values are no longer limited to lowercase hex. Previously uppercase \ hex were scrubbed. [#165] (Thanks, @asok!) ### Deprecations / Name Changes The following method and constants are hereby deprecated, and will be \ completely removed in a future release: * Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use \ `Loofah::Helpers::ActionView.safe_list_sanitizer` instead. * Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use \ `Loofah::Helpers::ActionView::SafeListSanitizer` instead. * Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` \ instead. Thanks to @JuanitoFatas for submitting these changes in #164 and for making \ the language used in Loofah more inclusive. |
New packages: