[ruby-talk:444035] [ANN] loofah security update v2.19.1

Mike_Dalessio1 · 13 December 2022 13:46

loofah v2.19.1 has been released. This a security update which addresses
multiple CVEs, and users are recommended to upgrade immediately.

The release notes
<https://github.com/flavorjones/loofah/releases/tag/v2.19.1> are reproduced
below, for more information please read the linked GHSAs.

···

---

2.19.1 / 2022-12-13Security

   - Address CVE-2022-23514, inefficient regular expression complexity. See
   GHSA-486f-hjj9-9vhh
   <https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh>
for
   more information.
   - Address CVE-2022-23515, improper neutralization of data URIs. See
   GHSA-228g-948r-83gx
   <https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx>
for
   more information.
   - Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm
   <https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm>
for
   more information.

Topic	Replies	Views
[ANN] loofah 2.3.0 released ruby-talk	418	28 September 2019
[ANN] loofah 2.4.0 released ruby-talk	428	25 November 2019
[ANN] loofah v2.2.0 released ruby-talk	414	11 February 2018
[ANN] loofah 2.0.0 Released ruby-talk	136	9 May 2014
[ANN] loofah 0.2.2 Released ruby-talk	96	31 August 2009