Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

ruby3.1-rubygem-rails-html-sanitizer-1.4.3-1.2 RPM for x86_64

From OpenSuSE Tumbleweed for x86_64

Name: ruby3.1-rubygem-rails-html-sanitizer Distribution: openSUSE Tumbleweed
Version: 1.4.3 Vendor: openSUSE
Release: 1.2 Build date: Wed Aug 31 14:45:40 2022
Group: Development/Languages/Ruby Build host: sheep85
Size: 42110 Source RPM: rubygem-rails-html-sanitizer-1.4.3-1.2.src.rpm
Summary: HTML sanitization to Rails applications (part of Rails)
HTML sanitization for Rails applications.






* Mon Jun 13 2022 Manuel Schnitzer <>
  - updated to version 1.4.3
    * Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.
      Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer.
      Fixes CVE-2022-32209
    * Mike Dalessio*
* Wed Aug 25 2021 Manuel Schnitzer <>
  - updated to version 1.4.2
    * Slightly improve performance.
      Assuming elements are more common than comments, make one less method call per node.
    * Mike Dalessio*
    [#]# 1.4.1 / 2021-08-18
    * Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.
      Some scrubbers will want to override the default behavior and allow comments, but v1.4.0 only
      passed through elements to the scrubber's `keep_node?` method.
      This change once again allows the scrubber to make the decision on comment nodes, but still skips
      other non-elements like processing instructions (see #115).
    * Mike Dalessio*
    [#]# 1.4.0 / 2021-08-18
    * Processing Instructions are no longer allowed by Rails::Html::PermitScrubber
      Previously, a PI with a name (or "target") matching an allowed tag name was not scrubbed. There
      are no known security issues associated with these PIs, but similar to comments it's preferred to
      omit these nodes when possible from sanitized output.
      Fixes #115.
    * Mike Dalessio*
* Tue Nov 12 2019 Manuel Schnitzer <>
  - updated to version 1.3.0
    * Address deprecations in Loofah 2.3.0.
    * Josh Goodall*
* Thu Aug 15 2019 Manuel Schnitzer <>
  - updated to version 1.2.0
    * Remove needless `white_list_sanitizer` deprecation.
      By deprecating this, we were forcing Rails 5.2 to be updated or spew
      deprecations that users could do nothing about.
      That's pointless and I'm sorry for adding that!
      Now there's no deprecation warning and Rails 5.2 works out of the box, while
      Rails 6 can use the updated naming.
    * Kasper Timm Hansen*
* Fri Mar 23 2018
  - updated to version 1.0.4
    * CVE-2018-3741: XSS vulnerability
    see installed
    fix bsc#1086598
* Tue Jan 26 2016
  - updated to version 1.0.3:
    * boo#963326: CVE-2015-7578: XSS vulnerability via attributes
    * boo#963327: CVE-2015-7579: XSS vulnerability
    * boo#963328: CVE-2015-7580: XSS via whitelist sanitizer
* Mon Mar 16 2015
  - updated to version 1.0.2, no changelog
* Mon Feb 09 2015
  - initial package (version 1.0.1)



Generated by rpm2html 1.8.1

Fabrice Bellet, Fri Nov 25 23:35:01 2022