Skip to content

Releases: OWASP/json-sanitizer

v1.2.2

11 Jan 15:58
@mikesamuel mikesamuel
v1.2.2
This tag was signed with the committer’s verified signature.
mikesamuel Mike Samuel
GPG key ID: 39450183608E49D4
Verified
Learn about vigilant mode.
c999c7f
This commit was signed with the committer’s verified signature.
mikesamuel Mike Samuel
GPG key ID: 39450183608E49D4
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.2 Latest
Latest
  • Escape tab characters since some JSON parsers do not allow raw tabs in string literals
  • Fixed bug: better handling for number literals that do not fit in 64 bits and numbers that look like C octal or hex literals.
Assets 2
Loading

v1.2.1

09 Jun 18:42
@mikesamuel mikesamuel
v1.2.1
This tag was signed with the committer’s verified signature.
mikesamuel Mike Samuel
GPG key ID: 961AD55F48BD3398
Verified
Learn about vigilant mode.
b3ebd8b
This commit was signed with the committer’s verified signature.
mikesamuel Mike Samuel
GPG key ID: 961AD55F48BD3398
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v1.2.1

Users of com.mikesamuel:json-sanitizer should upgrade to version 1.2.1 or later.

A bug in com.mikesamuel:json-sanitizer:1.2.0 and prior allows an attacker who controls the content of a JSON string that is later embedded in an HTML <script> element to confuse the HTML parser as to where the <script> element ends. If the attacker also controls other content, e.g. a string of non-JavaScript content adjacent to the <script> element, this can lead to arbitrary JavaScript execution.

See #20 (comment) for details.

CVE-2020-13973

Loading

1.2.0

18 Jul 20:45
@mikesamuel mikesamuel
release-1.2.0
This tag was signed with the committer’s verified signature. The key has expired.
mikesamuel Mike Samuel
GPG key ID: 2A7E27C7D8A43411
Expired
Verified
Learn about vigilant mode.
bb41f80
Compare
Choose a tag to compare
1.2.0

Site documentation update

Loading