Project

General

Profile

Actions

Bug #24004

closed

Bug #24003: Update antisamy for security issue (CVE-2023-43643)

Add neko-htmlUnit as dependency due to security checks

Added by Vincent MEMBRÉ 11 months ago. Updated 10 months ago.

Status:
Released
Priority:
N/A
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
0
Name check:
To do
Fix check:
Checked
Regression:
No

Description

CVE https://nvd.nist.gov/vuln/detail/CVE-2023-49093 in neko < 3.9.0 is quite important. this is a dependency from antisamy that has been bumped to 2.7.4 in #24003

We also need to remove a dependency on batik-css that was needed in antisamy 2.7.3

Actions

Also available in: Atom PDF