Skip to content

0.45.22 Security update - Reflected XSS in settings/edit pages
Compare
Choose a tag to compare
@dgtlmoon dgtlmoon released this 02 May 10:11
· 216 commits to master since this release
0.45.22
d127214

Auto-escape in Jinaj2 templates was not enabled because the filenames were not something jinja2 enables it for, fixed.

Big thanks to https://github.com/Nguyen-Trung-Kien for finding and reporting the issue.

Full Changelog: 0.45.21...0.45.22

Assets 2
Loading