XSS vulnerability not caught by SafeHtml

Description

Through a security review we have discovered a problem related to Jsoup used by the SafeHtml validator. A fix has been submitted to Jsoup and the fix has now been released with version 1.8.3.

Please see the Jsoup pull request for details: https://github.com/jhy/jsoup/pull/582

Environment

None

Status

Assignee

Unassigned

Reporter

Tommy Johansen

Labels

Feedback Requested

None

Feedback Requested By

None

backPortable

None

Suitable for new contributors

Yes, likely

backportDecision

None

backportReEvaluate

None

Components

Fix versions

Affects versions

Priority

Minor