[DOMPurify Security] New Release Version 0.6.1 (Security Issues)
Security Announcements for DOMPurify and related tools
dompurify-security at lists.ruhr-uni-bochum.de
Mon Feb 23 09:47:33 CET 2015
*Intro*
A new version of DOMPurify was released today: DOMPurify 0.6.1
*Background*
Several security issues were spotted during a paid third-party audit
executed by @filedescriptor. DOMPurify 0.6.1 fixes those issues.
*Example*
All identified attacks are documented in the publicly available
pentest-report that can be downloaded as PDF:
https://cure53.de/pentest-report_dompurify.pdf
*Fix*
The fix commit is available here:
https://github.com/cure53/DOMPurify/commit/aaa181ad303b8ceee2826888cdead948018e1330
All fixes were suggested and reviewed by the reporter.
*Packages*
Updated packages are available here:
https://github.com/cure53/DOMPurify/releases/tag/0.6.1
EOF
--
Fon +49 1520 8675782
PGP 0xD33441A8
S/MIME kuix.de/smime-keyserver/
cure53.de || mario.heideri.ch || 0x6D6172696F