We're updating the issue view to help you get more done. 

XSS vulnerability not caught by SafeHtml

Description

Through a security review we have discovered a problem related to Jsoup used by the SafeHtml validator. A fix has been submitted to Jsoup and the fix has now been released with version 1.8.3.

Please see the Jsoup pull request for details: https://github.com/jhy/jsoup/pull/582

Environment

None

Status

Assignee

Unassigned

Reporter

Tommy Johansen

Labels

Worked in

None

Feedback Requested

None

Feedback Requested By

None

backPortable

None

Community Help Wanted

None

Suitable for new contributors

Yes, likely

Requires Release Note

None

backportDecision

None

backportReEvaluate

None

Components

Fix versions

Affects versions

5.2.1.Final

Priority

Minor