v16.4.2
16.4.2 (August 1, 2018)
React DOM Server
-
Fix a potential XSS vulnerability when the attacker controls an attribute name (
CVE-2018-6341). This fix is available in the latestreact-dom@16.4.2, as well as in previous affected minor versions:react-dom@16.0.1,react-dom@16.1.2,react-dom@16.2.1, andreact-dom@16.3.3. (@gaearon in #13302) -
Fix a crash in the server renderer when an attribute is called
hasOwnProperty. This fix is only available inreact-dom@16.4.2. (@gaearon in #13303)