View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0024297 | mantisbt | security | public | 2018-04-13 08:28 | 2019-04-04 04:24 |
Reporter | dregad | Assigned To | dregad | | |
Priority | high | Severity | major | Reproducibility | have not tried |
Status | closed | Resolution | fixed | | |
Product Version | 2.1.0 | | | | |
Target Version | 2.12.1 | Fixed in Version | 2.12.1 | | |
Summary | 0024297: Update Parsedown library to 1.7.1 | | | | |
Description | Parsedown 1.6.x is vulnerable to XSS attacks (see 0024186). Vulnerabilities were fixed in 1.7.0 on 28-Feb-2018; 1.7.1 was released a few days later including a few additional bug fixes. | | | | |
Tags | No tags attached. | | | | |

MantisBT: master-2.12 518d7529 2018-03-29 04:16

Update Parsedown to 1.7.1

- Set minimum required version to 1.7.0 in composer.json
- Run composer update
- Updating erusev/parsedown (1.6.3 => 1.7.1)

Fixes 0024186

Affected Issues 0024186, 0024297

mod - composer.json
mod - composer.lock