[ANN] loofah security update v2.19.1

Mike Dalessio

Dec 13, 2022, 8:46:56 AM
to ruby-sec...@googlegroups.com, ruby-talk
loofah v2.19.1 has been released. This is a security update which addresses multiple CVEs, and users are recommended to upgrade immediately.

The release notes are reproduced below. For more information, please read the linked GHSAs.

---

2.19.1 / 2022-12-13

Security

  • Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information.
  • Address CVE-2022-23515, improper neutralization of data URIs. See GHSA-228g-948r-83gx for more information.
  • Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm for more information.
