ApostropheCMS v2.119.1 Release Notes

Release Date: 2021-05-27
  • 🔒 Security Fixes

    • ⚡️ The nlbr and nlp Nunjucks filters marked their output as safe to preserve the tags that they added, without first escaping their input, creating a CSRF risk. These filters have been updated to escape their input unless it has already been marked safe. No code changes are required for templates whose input to the filter is intended as plaintext. However, if you were intentionally leveraging this bug to output unescaped HTML markup, you will need to make sure your input is free of CSRF risks and then use the | safe filter before the | nlbr or | nlp filter.
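
The before and after behaviour described above, as an added example that is not ApostropheCMS or Nunjucks source code. It models safe-marking with a hypothetical SafeString class and hypothetical nlbrBefore / nlbrAfter functions, and assumes the filter inserts a br tag at each newline; the sample input is constructed.

```javascript
// Minimal model of an autoescaping template engine's "safe" marking.
// All names here are hypothetical and exist only for this illustration.
class SafeString {
  constructor(html) { this.html = html; }
}

const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// Model of the "| safe" filter: the caller vouches for this markup.
function safe(html) {
  return new SafeString(html);
}

// Output step: values marked safe pass through, everything else is escaped.
function render(value) {
  return value instanceof SafeString ? value.html : escapeHtml(value);
}

// Behaviour the notes describe as the bug: the filter adds its tags and
// marks the whole result safe, so markup in the input is never escaped.
function nlbrBefore(input) {
  return new SafeString(String(input).replace(/\n/g, '<br />\n'));
}

// Behaviour the notes describe as the fix: escape the input unless it was
// already marked safe, then add the tags and mark the result safe.
function nlbrAfter(input) {
  const body = input instanceof SafeString ? input.html : escapeHtml(input);
  return new SafeString(body.replace(/\n/g, '<br />\n'));
}

// Constructed sample: a field intended as plaintext that contains markup.
const userText = 'line one\n<b>not plain text</b>';

console.log(render(nlbrBefore(userText)));       // markup reaches the page as HTML
console.log(render(nlbrAfter(userText)));        // markup is shown as text
console.log(render(nlbrAfter(safe(userText))));  // explicit opt-in via "| safe" first
```

The third call corresponds to the migration path in the note: a template that relied on the old behaviour gets it back only by marking the input safe before the filter runs.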

  • 🛠 Fixes

    • ⚡️ Updates uses of "whitelist" to "allowlist" to follow project practices.