[DOMPurify Security] New Release Version 0.8.6 (Security Issue)

Security Announcements for DOMPurify and related tools dompurify-security at lists.ruhr-uni-bochum.de
Fri Apr 21 16:07:49 CEST 2017


*Intro*

A new version of DOMPurify was released today: DOMPurify 0.8.6

*Background*

A security issue was reported by @neilj, exclusively affecting users
running on Safari 10.1.x and Safari 10.2.x.

The problem was caused by a newly spotted security issue in the latest
Safari itself. DOMPurify works around that issue to keep Safari users safe.

*Example*

Details about the problem can be found here:
https://github.com/cure53/DOMPurify/releases/tag/0.8.6

*Fix*

DOMPurify removed its usage of the DOMParser API, which is now unsafe to use
on Safari 10.1 and newer.

The fix commit is available here:
https://github.com/cure53/DOMPurify/commit/27908090e4a2d0a75f15924d68bed07ea5e52998#diff-39d3e4cf739c51697e855107d73a23f5L398

*Packages*

Updated packages are available here:
https://github.com/cure53/DOMPurify/releases/tag/0.8.6

EOF

-- 
Fon    +49 1520 8675782
PGP    0xD33441A8
S/MIME kuix.de/smime-keyserver/

cure53.de || mario.heideri.ch || 0x6D6172696F
