loofah v2.19.1 has been released. This a security update which addresses
multiple CVEs, and users are recommended to upgrade immediately.
The release notes
<https://github.com/flavorjones/loofah/releases/tag/v2.19.1> are reproduced
below, for more information please read the linked GHSAs.
2.19.1 / 2022-12-13Security
- Address CVE-2022-23514, inefficient regular expression complexity. See
- Address CVE-2022-23515, improper neutralization of data URIs. See
- Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm