This is an automated email from the ASF dual-hosted git repository. juanpablo pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 629ac8c969b3500090c4fa77f4b4be524e6a40dc Author: Juan Pablo Santos Rodríguez <juanpablo.san...@gmail.com> AuthorDate: Sat Apr 5 14:46:47 2025 +0200 2.12.3-git-05 --- ChangeLog.md | 25 +++++++++++++++++----- .../src/main/java/org/apache/wiki/api/Release.java | 2 +- 2 files changed, 21 insertions(+), 6 deletions(-) diff --git a/ChangeLog.md b/ChangeLog.md index 8e091fa4e..0c4428b79 100644 --- a/ChangeLog.md +++ b/ChangeLog.md 
@@ -17,15 +17,30 @@ specific language governing permissions and limitations under the License. --> +**2025-04-05 Juan Pablo Santos (juanpablo AT apache DOT org)** + +* _2.12.3-git-05_ + +* Allow `data:` or `javascript:` uris on `src` attribute of `Image` plugin only if `jspwiki.translatorReader.allowHTML` is enabled + +* Additional fixes on _2.12.3-git-04_ + +* Dependency updates + * JUnit to 5.12.1 + * Mockito to 5.16.0 + * Tika to 3.1.0 + * Tomcat to 9.0.102 + * XStream to 1.4.21 + * Maven plugins: compiler to 3.14.0, install to 3.1.4, project-info-reports to 3.9.0, remote-resources to 3.3.0, surefire to 3.5.3 + **2024-12-24 Arturo Bernal (abernal AT apache DOT org)** * _2.12.3-git-04_ -* Fix for [SECURITY][DISCUSS] XBOW-024-109 XSS in JSPWiki Header Link Name - * Addressed XSS vulnerability in JSPWiki header link name by ensuring proper HTML escaping when `jspwiki.translatorReader.allowHTML` is disabled. - * Fixed markdown module to respect `jspwiki.translatorReader.allowHTML` property, preventing XSS in markdown syntax. - * Changes include improved input sanitization and added appropriate tests for validation. - +* Fix for XBOW-024-109 XSS in JSPWiki Header Link Name + * Addressed XSS vulnerability in JSPWiki header link name by ensuring proper HTML escaping when `jspwiki.translatorReader.allowHTML` is disabled. + * Fixed markdown module to respect `jspwiki.translatorReader.allowHTML` property, preventing XSS in Markdown syntax. + * Changes include improved input sanitization and added appropriate tests for validation. **2024-12-19 Juan Pablo Santos (juanpablo AT apache DOT org)** diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java index feed011a1..040da063c 100644 --- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java +++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java 
@@ -69,7 +69,7 @@ public final class Release { * <p> * If the build identifier is empty, it is not added. */ - public static final String BUILD = "04"; + public static final String BUILD = "05"; /** * This is the generic version string you should use when printing out the version. It is of
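Review bot: In the ChangeLog.md hunk, the first new bullet under _2.12.3-git-05_ records a security-relevant behaviour change (`data:` and `javascript:` URIs on the `src` attribute of the `Image` plugin, gated on `jspwiki.translatorReader.allowHTML`), but the diffstat lists only ChangeLog.md and Release.java, so the plugin change and its tests cannot be checked against this entry from this commit. Reference the commit or issue that carries the code, and consider wording the entry from the restrictive side, that is, that these schemes are rejected on `src` when `jspwiki.translatorReader.allowHTML` is disabled, which matches how the _2.12.3-git-04_ entry describes its fix. The bullet "Additional fixes on _2.12.3-git-04_" does not say what was fixed; name the affected components so a reader can tell whether it extends the XBOW-024-109 fix. Style: "uris" should read "URIs".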