Switch back to release version of sanitize-html #17231

Merged: 2 commits, May 11, 2021

jryans (Collaborator) commented May 10, 2021

The limit depth option has been available in a released version for a while now.

jryans (Collaborator, Author) commented May 10, 2021

matrix-org/matrix-react-sdk#6007 should help with the type errors here.

The limit depth option has been available in a released version for a while now.
jryans force-pushed the jryans/sanitize-upgrade branch from 052a38a to dbd4e20 on May 10, 2021 16:48
jryans merged commit 4ef7cee into develop on May 11, 2021
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Jun 6, 2021
Changes in [1.7.29](https://github.com/vector-im/element-web/releases/tag/v1.7.29) (2021-05-24)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.29-rc.1...v1.7.29)

## Security notice

Element Web 1.7.29 fixes (by upgrading to olm 3.2.3) an issue in code used for
decrypting server-side stored secrets. The issue could potentially allow a
malicious homeserver to cause a stack buffer overflow in the affected function
and to control that function's local variables.

## All changes

 * Upgrade to React SDK 3.22.0 and JS SDK 11.1.0
 * [Release] Bump libolm dependency, and update package name
   [\#17456](element-hq/element-web#17456)

Changes in [1.7.29-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.29-rc.1) (2021-05-19)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.28...v1.7.29-rc.1)

 * Upgrade to React SDK 3.22.0-rc.1 and JS SDK 11.1.0-rc.1
 * Translations update from Weblate
   [\#17384](element-hq/element-web#17384)
 * Prevent minification of `.html` files
   [\#17349](element-hq/element-web#17349)
 * Update matrix-widget-api/react-sdk dependency reference
   [\#17346](element-hq/element-web#17346)
 * Add `yarn start:https`
   [\#16989](element-hq/element-web#16989)
 * Translations update from Weblate
   [\#17239](element-hq/element-web#17239)
 * Remove "in development" flag from voice messages labs documentation
   [\#17204](element-hq/element-web#17204)
 * Add required webpack+jest config to load Safari support modules
   [\#17193](element-hq/element-web#17193)

Changes in [1.7.28](https://github.com/vector-im/element-web/releases/tag/v1.7.28) (2021-05-17)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.28-rc.1...v1.7.28)

## Security notice

Element Web 1.7.28 fixes (by upgrading to matrix-react-sdk 3.21.0) a low
severity issue (GHSA-8796-gc9j-63rv) related to file upload. When uploading a
file, the local file preview can lead to execution of scripts embedded in the
uploaded file, but only after several user interactions to open the preview in
a separate tab. This only impacts the local user while in the process of
uploading. It cannot be exploited remotely or by other users. Thanks to
[Muhammad Zaid Ghifari](https://github.com/MR-ZHEEV) for responsibly disclosing
this via Matrix's Security Disclosure Policy.

## All changes

 * Upgrade to React SDK 3.21.0 and JS SDK 11.0.0

Changes in [1.7.28-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.28-rc.1) (2021-05-11)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.27...v1.7.28-rc.1)

 * Upgrade to React SDK 3.21.0-rc.1 and JS SDK 11.0.0-rc.1
 * Switch back to release version of `sanitize-html`
   [\#17231](element-hq/element-web#17231)
 * Bump url-parse from 1.4.7 to 1.5.1
   [\#17199](element-hq/element-web#17199)
 * Bump lodash from 4.17.20 to 4.17.21
   [\#17205](element-hq/element-web#17205)
 * Bump hosted-git-info from 2.8.8 to 2.8.9
   [\#17219](element-hq/element-web#17219)
 * Disable host checking on the webpack dev server
   [\#17194](element-hq/element-web#17194)
 * Bump ua-parser-js from 0.7.23 to 0.7.24
   [\#17190](element-hq/element-web#17190)

Changes in [1.7.27](https://github.com/vector-im/element-web/releases/tag/v1.7.27) (2021-05-10)
===============================================================================================
[Full Changelog](element-hq/element-web@v1.7.27-rc.1...v1.7.27)

 * Upgrade to React SDK 3.20.0 and JS SDK 10.1.0

Changes in [1.7.27-rc.1](https://github.com/vector-im/element-web/releases/tag/v1.7.27-rc.1) (2021-05-04)
=========================================================================================================
[Full Changelog](element-hq/element-web@v1.7.26...v1.7.27-rc.1)

 * Upgrade to React SDK 3.20.0-rc.1 and JS SDK 10.1.0-rc.1
 * Translations update from Weblate
   [\#17160](element-hq/element-web#17160)
 * Document option for obeying asserted identity
   [\#17008](element-hq/element-web#17008)
 * Implement IPC call to Electron to set language
   [\#17052](element-hq/element-web#17052)
 * Convert Vector skin react components to Typescript
   [\#17061](element-hq/element-web#17061)
 * Add code quality review policy
   [\#16980](element-hq/element-web#16980)
 * Register RecorderWorklet from react-sdk
   [\#17013](element-hq/element-web#17013)
 * Preload Inter font to avoid FOIT on slow connections
   [\#17039](element-hq/element-web#17039)
 * Disable `postcss-calc`'s noisy `warnWhenCannotResolve` option
   [\#17041](element-hq/element-web#17041)
t3chguy deleted the jryans/sanitize-upgrade branch on May 12, 2022 09:11