View Issue Details

ID: 0024297
Project: mantisbt
Category: security
View Status: public
Last Update: 2019-04-04 04:24
Reporter: dregad
Assigned To: dregad
Priority: high
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2.1.0
Target Version: 2.12.1
Fixed in Version: 2.12.1
Summary: 0024297: Update Parsedown library to 1.7.1
Description

Parsedown 1.6.x is vulnerable to XSS attacks (see 0024186). Vulnerabilities were fixed in 1.7.0 on 28-Feb-2018; 1.7.1 was released a few days later including a few additional bug fixes.

Tags: No tags attached.

Relationships

child of 0024186 (closed, dregad): CVE-2018-1000162: XSS vulnerability in Parsedown library

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-2.12 518d7529

2018-03-29 04:16

dregad


Update Parsedown to 1.7.1

- Set minimum required version to 1.7.0 in composer.json
- Run composer update
- Updating erusev/parsedown (1.6.3 => 1.7.1)

Fixes 0024186
Affected Issues
0024186, 0024297
mod - composer.json
mod - composer.lock