Skip to content

2.8.1

Choose a tag to compare

View all tags
@colinodell colinodell released this 05 Mar 21:38
· 3 commits to 2.8 since this release
2.8.1
This tag was signed with the committer’s verified signature. The key has expired.
colinodell Colin O'Dell
GPG key ID: 60A4DAD272A01CB8
Expired
Verified
Learn about vigilant mode.
84b1ca4
This commit was signed with the committer’s verified signature. The key has expired.
colinodell Colin O'Dell
GPG key ID: 60A4DAD272A01CB8
Expired
Verified
Learn about vigilant mode.

What's Changed

This is a security release to address an issue where DisallowedRawHtml can be bypassed, resulting in a possible cross-site scripting (XSS) vulnerability.

Fixed

  • Fixed DisallowedRawHtmlRenderer not blocking raw HTML tags with trailing ASCII whitespace (GHSA-4v6x-c7xx-hw9f)
  • Fixed PHP 8.5 deprecation (#1107)

New Contributors

Full Changelog: 2.8.0...2.8.1

Contributors

freost and Kocal
Assets 2
Loading