mahara-contributors team mailing list archive

[Bug 571505] Re: XSS in HTML purifier 3.0.0 and 4.0.0

 

** Changed in: mahara/1.0
       Status: Fix Committed => Fix Released

** Visibility changed to: Public

-- 
XSS in HTML purifier 3.0.0 and 4.0.0
https://bugs.launchpad.net/bugs/571505
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.

Status in Mahara ePortfolio: Fix Released
Status in Mahara 1.0 series: Fix Released
Status in Mahara 1.1 series: Fix Released

Bug description:
HTML Purifier 4.1 is a major security release that fixes an XSS
vulnerability exploitable on Internet Explorer.  It also contains
a number of new features, including dramatically more flexible Flash
support, including %Output.FlashCompat to replace %HTML.SafeEmbed,
optional support for the data: URI scheme and better HTML parsing
capabilities.

Release notes for 4.1:
    http://repo.or.cz/w/htmlpurifier.git?a=blob_plain;f=NEWS

Download links for 4.1:
    http://htmlpurifier.org/releases/htmlpurifier-4.1.0.tar.gz
    http://htmlpurifier.org/releases/htmlpurifier-4.1.0.zip

SHA-1 sums:
e8f6f8f6d03cebcaed87cf335467ebf58223578d  htmlpurifier-4.1.0.tar.gz
972368029049af460c07378e77df4ca88240e193  htmlpurifier-4.1.0.zip

Other downloads (standalone and lite):
    http://htmlpurifier.org/download.html