Through a security review we have discovered a problem related to Jsoup used by the SafeHtml validator. A fix has been submitted to Jsoup and the fix has now been released with version 1.8.3.
Please see the Jsoup pull request for details: https://github.com/jhy/jsoup/pull/582