Groups
Sign in
Groups
ruby-security-ann
Conversations
About
Send feedback
Help
[ANN] loofah security update v2.19.1
59 views
Skip to first unread message
Mike Dalessio
unread,
Dec 13, 2022, 8:46:56 AM
12/13/22
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to ruby-sec...@googlegroups.com, ruby-talk
loofah v2.19.1 has been released. This a security update which addresses multiple CVEs, and users are recommended to upgrade immediately.
The
release notes
are reproduced below, for more information please read the linked GHSAs.
---
2.19.1 / 2022-12-13
Security
Address CVE-2022-23514, inefficient regular expression complexity. See
GHSA-486f-hjj9-9vhh
for more information.
Address CVE-2022-23515, improper neutralization of data URIs. See
GHSA-228g-948r-83gx
for more information.
Address CVE-2022-23516, uncontrolled recursion. See
GHSA-3x8r-x6xp-q4vm
for more information.
Reply all
Reply to author
Forward
0 new messages