Skip to content

Commit

Permalink
Merge pull request #654 from apostrophecms/release-2.12.1
Browse files Browse the repository at this point in the history
release 2.12.1
  • Loading branch information
boutell authored Feb 22, 2024
2 parents c5dbdf7 + f8e02be commit 4a7d7dd
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 1 deletion.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,9 @@
# Changelog

## 2.12.1 (2024-02-22)

- Do not parse sourcemaps in `post-css`. This fixes a vulnerability in which information about the existence or non-existence of files on a server could be disclosed via properly crafted HTML input when the `style` attribute is allowed by the configuration. Thanks to the [Snyk Security team](https://snyk.io/) for the disclosure and to [Dylan Armstrong](https://dylan.is/) for the fix.

## 2.12.0 (2024-02-21)

- Introduced the `allowedEmptyAttributes` option, enabling explicit specification of empty string values for select attributes, with the default attribute set to `alt`. Thanks to [Na](https://github.com/zhna123) for the contribution.
Expand Down
2 changes: 1 addition & 1 deletion package.json
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
{
"name": "sanitize-html",
"version": "2.12.0",
"version": "2.12.1",
"description": "Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis",
"sideEffects": false,
"main": "index.js",
Expand Down

0 comments on commit 4a7d7dd

Please sign in to comment.