Skip to content

Release version 1.7.4

Compare
Choose a tag to compare
@davewichers davewichers released this 06 Oct 23:23
· 199 commits to main since this release
45c78f1

This release addresses the vulnerability documented in CVE-2023-43643. AntiSamy versions prior to v1.7.4 are subject to mutation XSS (mXSS) vulnerability when preserving comments. - https://www.cvedetails.com/cve/CVE-2023-43643.

In addition, a number of libraries and plugins were upgraded, including one with a known vulnerability. Specifically, AntiSamy 1.7.4 upgraded to batik-css v1.17 because batik-css:1.16 is subject to https://www.cvedetails.com/cve/CVE-2022-44729.

Note: The upgrade in the HTML parser may alter outputs compared to 1.7.3 and before. This may impact in regression tests that involve AntiSamy if they are too strict when comparing a resulting output with the expected one.