0
0
mirror of https://github.com/ezyang/htmlpurifier.git synced 2024-11-09 15:28:40 +00:00
htmlpurifier/WHATSNEW
Edward Z. Yang 656a0c95bf Add update Freshmeat script.
git-svn-id: http://htmlpurifier.org/svnroot/htmlpurifier/trunk@1818 48356398-32a2-884e-a903-53898d9a118a
2008-06-20 01:48:46 +00:00

9 lines
587 B
Plaintext

HTML Purifier 3.1.1 is a security and bugfix release. This release addresses
two security vulnerabilities, both related to CSS, and one of which only
applies to users using Shift_JIS as their output encoding. There is also
a security improvement regarding the imagecrash attack. There is a backwards
incompatible change in which resources are no longer munged
by default; please enable using %URI.MungeResources. Besides this, there
are numerous improvements to URI munging, esp. with the addition of
%URI.MungeSecretKey, as well as an experimental %HTML.SafeObject and %HTML.SafeEmbed.