From fd63deaeb22e601237d4d4d12014e7ebd410ea9b Mon Sep 17 00:00:00 2001 From: Mike Dalessio Date: Mon, 12 Dec 2022 17:43:11 -0500 Subject: [PATCH] version bump to v1.4.4 --- CHANGELOG.md | 35 +++++++++++++++++++++++++++++ lib/rails/html/sanitizer/version.rb | 2 +- 2 files changed, 36 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 5e6ebd5..e18051c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,38 @@ +## 1.4.4 / 2022-12-13 + +* Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. + + Fixes CVE-2022-23517. See + [GHSA-5x79-w82f-gw8w](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-5x79-w82f-gw8w) + for more information. + + *Mike Dalessio* + +* Address improper sanitization of data URIs. + + Fixes CVE-2022-23518 and #135. See + [GHSA-mcvf-2q2m-x72m](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-mcvf-2q2m-x72m) + for more information. + + *Mike Dalessio* + +* Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. + + Fixes CVE-2022-23520. See + [GHSA-rrfc-7g8p-99q8](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-rrfc-7g8p-99q8) + for more information. + + *Mike Dalessio* + +* Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. + + Fixes CVE-2022-23519. See + [GHSA-9h9g-93gc-623h](https://github.com/rails/rails-html-sanitizer/security/advisories/GHSA-9h9g-93gc-623h) + for more information. + + *Mike Dalessio* + + ## 1.4.3 / 2022-06-09 * Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. diff --git a/lib/rails/html/sanitizer/version.rb b/lib/rails/html/sanitizer/version.rb index af67a0e..3ceb4c8 100644 --- a/lib/rails/html/sanitizer/version.rb +++ b/lib/rails/html/sanitizer/version.rb @@ -1,7 +1,7 @@ module Rails module Html class Sanitizer - VERSION = "1.4.3" + VERSION = "1.4.4" end end end
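Review bot: In the CHANGELOG.md hunk, the entries for CVE-2022-23520 and CVE-2022-23519 use the identical summary line "Address possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer.", so a reader triaging the upgrade cannot tell the two fixes apart, or tell which configuration each one concerns, without opening both advisories. Suggest adding a distinguishing phrase to each entry, taken from its advisory. A smaller point on the same hunk: the new heading is dated 2022-12-13 while the commit header is dated Mon, 12 Dec 2022 17:43:11 -0500, so confirm that the heading carries the intended release date.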
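Review bot: In the lib/rails/html/sanitizer/version.rb hunk, VERSION is assigned a bare string literal, and the hunk starts at line 1 of the file with "module Rails", so no frozen_string_literal magic comment precedes it and the constant's value is a mutable string by default. While this line is being touched, consider VERSION = "1.4.4".freeze or adding the magic comment at the top of the file. Separately, the diffstat shows this commit changing only the changelog and the version constant, so the four fixes listed for 1.4.4 must already be on the branch from earlier commits; worth confirming that before the tag is cut.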