[DOMPurify Security] New Release Version 2.2.4 (Security Issue)
Security Announcements for DOMPurify and related tools
dompurify-security at lists.ruhr-uni-bochum.de
Tue Dec 15 17:46:05 CET 2020
*Intro*
A new version of DOMPurify was released today: DOMPurify 2.2.4
*Background*
Two novel mutation patterns (in MathML & SVG) were spotted and reported
responsibly by PewGrand and Michał Bentkowski. The issues were addressed
and fixed in this release.
*Fix*
DOMPurify is now aware of two behavioral patterns caused by faulty tag
parsing inside and around XML/non-HTML elements and scrubs those more
efficiently for better security.
*Packages*
Updated packages are available here:
https://github.com/cure53/DOMPurify/releases/tag/2.2.4
EOF
--
Fon +49 1520 8675 782
PGP 0xC26C858090F70ADA
cure53.de || keybase.io/cure53 || @cure53berlin
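
An added example, not part of the original announcement and not code from the DOMPurify project: one way to check whether an npm lockfile still resolves a DOMPurify copy older than the fixed release 2.2.4, including copies nested under other packages. The lockfile content, the `some-editor` package name and the function names are constructed for illustration.

```javascript
// Flags dompurify entries in a parsed package-lock.json that predate the fixed release.
const FIXED_VERSION = "2.2.4"; // fixed release named in the announcement

// Compare plain x.y.z versions; pre-release/build suffixes are ignored (assumption).
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map(Number);
  const pa = parse(a), pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Handles both lockfile layouts: "packages" (lockfileVersion 2/3, keyed by path)
// and nested "dependencies" (lockfileVersion 1). Results are de-duplicated by path.
function findOutdatedDompurify(lock, fixed = FIXED_VERSION) {
  const hits = new Map();
  const check = (path, version) => {
    if (typeof version === "string" && compareVersions(version, fixed) < 0) {
      hits.set(path, { path, version });
    }
  };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/dompurify" || path.endsWith("/node_modules/dompurify")) {
      check(path, meta.version);
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "dompurify") check(path, meta.version);
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return [...hits.values()];
}

// Constructed sample: top-level copy is fixed, a nested transitive copy is not.
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/dompurify": { version: "2.2.4" },
    "node_modules/some-editor/node_modules/dompurify": { version: "2.0.17" },
  },
  dependencies: { dompurify: { version: "2.2.4" },
    "some-editor": { version: "1.3.0", dependencies: { dompurify: { version: "2.0.17" } } } },
};
console.log(findOutdatedDompurify(sampleLock));
```

Feed it the result of `JSON.parse` on a real `package-lock.json`; an empty array means no resolved copy is below 2.2.4.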