[DOMPurify Security] New Release Version 0.6.7 (Security Issue)
Security Announcements for DOMPurify and related tools
dompurify-security at lists.ruhr-uni-bochum.de
Thu Sep 17 15:08:47 CEST 2015
*Intro*
A new version of DOMPurify was released today: DOMPurify 0.6.7
*Background*
One potential security issue was spotted, affecting Firefox users in
case sanitized HTML gets written to the DOM using document.write() and
SVG elements are permitted to be used. DOMPurify 0.6.7 fixes that issue.
*Example*
Details about the problem can be found here:
https://github.com/cure53/DOMPurify/releases/tag/0.6.7
*Fix*
The fix commit is available here:
https://github.com/cure53/DOMPurify/commit/1443780affdf0d64a7f115c5b8b535afa600b909
*Packages*
Updated packages are available here:
https://github.com/cure53/DOMPurify/releases/tag/0.6.7
EOF
--
Fon +49 1520 8675782
PGP 0xD33441A8
S/MIME kuix.de/smime-keyserver/
cure53.de || mario.heideri.ch || 0x6D6172696F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ruhr-uni-bochum.de/pipermail/dompurify-security/attachments/20150917/365e009a/attachment.sig>
More information about the DOMPurify-Security
mailing list