Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
There was one CVE filed against the loofah gem, this bumps the version from 1.8.4 to 1.8.5 [CVE-2018-16468][1] > moderate severity > Vulnerable versions: < 2.2.3 > Patched version: 2.2.3 > > In the Loofah gem for Ruby, through version 2.2.2, unsanitized > JavaScript may occur in sanitized output when a crafted SVG element is > republished. Users are advised to upgrade to version 2.2.3. See flavorjones/loofah#154 for more details. [1]: https://nvd.nist.gov/vuln/detail/CVE-2018-16468
- Loading branch information