You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to play-framework, Play framework dev
Hi everyone,
We recently discovered a security vulnerability in Play's JavaScript router. The host string was not being properly escaped. Since the Host header can be spoofed by an attacker, it can result in reflected XSS.
If you are using the JavaScript router, we recommend upgrading to Play 2.4.8 or 2.5.4 (though no 2.5 releases are affected).