XSS vulnerability not caught by SafeHtml

Description

Through a security review we have discovered a problem related to Jsoup used by the SafeHtml validator. A fix has been submitted to Jsoup and the fix has now been released with version 1.8.3.

Please see the Jsoup pull request for details: https://github.com/jhy/jsoup/pull/582

Environment

None

Activity

Show:

Fixed

Details

Assignee

Unassigned

Reporter

Tommy Johansen

Labels

Bug Testcase Reminder (view)

Bug reports should generally be accompanied by a test case!

Bug Testcase Reminder (edit)

Bug reports should generally be accompanied by a test case!

Participants

Tommy Johansen

Pull Request

https://github.com/hibernate/hibernate-validator/pull/424

Components

Fix versions

4.3.3.Final

5.2.2.Final

Affects versions

5.2.1.Final

Priority

Minor

Created August 19, 2015 at 10:20 AM

Updated May 29, 2018 at 4:03 PM

Resolved May 29, 2018 at 4:03 PM

Configure