Skip to content

Commit

Permalink
version bump to v1.4.4
Browse files Browse the repository at this point in the history
  • Loading branch information
flavorjones committed Dec 12, 2022
1 parent 48ae90a commit fd63dea
Show file tree
Hide file tree
Showing 2 changed files with 36 additions and 1 deletion.
35 changes: 35 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,38 @@
## 1.4.4 / 2022-12-13

* Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer.

Fixes CVE-2022-23517. See
[GHSA-5x79-w82f-gw8w](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w)
for more information.

*Mike Dalessio*

* Address improper sanitization of data URIs.

Fixes CVE-2022-23518 and #135. See
[GHSA-mcvf-2q2m-x72m](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m)
for more information.

*Mike Dalessio*

* Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.

Fixes CVE-2022-23520. See
[GHSA-rrfc-7g8p-99q8](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8)
for more information.

*Mike Dalessio*

* Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.

Fixes CVE-2022-23519. See
[GHSA-9h9g-93gc-623h](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h)
for more information.

*Mike Dalessio*


## 1.4.3 / 2022-06-09

* Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
Expand Down
2 changes: 1 addition & 1 deletion lib/rails/html/sanitizer/version.rb
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
module Rails
module Html
class Sanitizer
VERSION = "1.4.3"
VERSION = "1.4.4"
end
end
end

0 comments on commit fd63dea

Please sign in to comment.