## Background Caja contains an optional feature, in the deprecated ES5/3 mode, to allow embedding Flash content. To do this, Caja has to specify options to prohibit the Flash content from being able to interact with the host page, bypassing the sandbox. A means was found to override this option.
## Impact and Advice Given that ES5/3 mode is already deprecated, and the state of Flash on the web, we have decided to resolve this by removing all remaining support for Flash in Caja. Users should upgrade to Caja v6013 https://github.com/ google/caja/releases/tag/v6013 <https://www.google.com/url?q=https://github.com/google/caja/releases/tag/v6013&sa=D&usg=AFQjCNFcxSXMMWKzbfXNjGSixctySwwSzA> or later, or if this is not immediately feasible, remove the `flash` option from their Caja configuration if it is present. If your application is not explicitly using the deprecated ES5/3 mode, this should not have any functional effect. -- --- You received this message because you are subscribed to the Google Groups "Google Caja Discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
