In this release of apostrophe, we bumped our dependency on sanitize-html to ^2.12.1 at a minimum, to ensure that npm update apostrophe is sufficient to guarantee a security update is installed.
Version 2.12.1 of sanitize-html is a security update, which prevents specially crafted HTML documents from revealing the existence or non-existence of files on the server. The vulnerability did not expose any other information about those files.
Thanks to the Snyk Security team for the disclosure and to Dylan Armstrong for the fix.
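To confirm that the update actually landed, the following added example (not part of the apostrophe release or its code) scans a package-lock.json for every resolved copy of sanitize-html, including nested ones, and flags any below 2.12.1. It assumes a lockfileVersion 2 or 3 file with a `packages` map; the sample lockfile and the names `my-site` and `legacy-widget` are constructed for illustration.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 or 3) for
// every resolved copy of sanitize-html and flag any older than 2.12.1.
const FIXED = [2, 12, 1]; // patched sanitize-html release named in the release note

// Split "MAJOR.MINOR.PATCH[-prerelease]" into numbers plus a prerelease flag.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)(-)?/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return { nums: m.slice(1, 4).map(Number), pre: m[4] !== undefined };
}

// True when version string v sorts before the fixed release.
function isBelowFixed(v) {
  const { nums, pre } = parseVersion(v);
  for (let i = 0; i < 3; i++) {
    if (nums[i] !== FIXED[i]) return nums[i] < FIXED[i];
  }
  return pre; // e.g. 2.12.1-beta.0 sorts before 2.12.1
}

// Return [{ path, version, vulnerable }] for each installed sanitize-html,
// including copies nested under other packages.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith('node_modules/sanitize-html')) continue;
    if (typeof meta.version !== 'string') continue; // skip links without a version
    findings.push({ path, version: meta.version, vulnerable: isBelowFixed(meta.version) });
  }
  return findings;
}

// Constructed sample lockfile fragment (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'my-site' },
    'node_modules/apostrophe': { version: '0.0.0-sample' },
    'node_modules/sanitize-html': { version: '2.12.1' },
    'node_modules/legacy-widget/node_modules/sanitize-html': { version: '2.11.0' },
  },
};

for (const f of auditLock(sampleLock)) {
  console.log(`${f.vulnerable ? 'VULNERABLE' : 'ok'}  ${f.version}  ${f.path}`);
}
```

In a real project, pass the parsed contents of the project's own package-lock.json to `auditLock` instead of `sampleLock`.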