Hi Kasper, We would like to fix CVE-2018-8048, which was assigned some days ago, to loofah. A fix was released to address a potential XSS vulnerability caused by libxml2. See [1] and below:
On 18-03-22 01:04:23, Cédric Boutillier wrote: > On Wed, Mar 21, 2018 at 11:35:57PM +0100, Georg Faerber wrote: > > Please review / upload ruby-loofah 2.2.1-1, which fixes > > CVE-2018-8048. Changes pushed to git in branch d/2.2.1-1. > > This new version breaks two tests in ruby-rails-html-sanitizer (some > spaces changed in the output). I didn't check if there was some update > for this package which would reflect this. Any input on this? Would it be possible to release a new version addressing this? Thanks, cheers, Georg [1] https://github.com/flavorjones/loofah/issues/144
signature.asc
Description: Digital signature