View Issue Details

ID: 0024297
Project: mantisbt
Category: security
View Status: public
Last Update: 2019-04-04 04:24
Reporter: dregad
Assigned To: dregad
Priority: high
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: 2.1.0
Target Version: 2.12.1
Fixed in Version: 2.12.1
Summary: 0024297: Update Parsedown library to 1.7.1
Description

Parsedown 1.6.x is vulnerable to XSS attacks (see 0024186). Vulnerabilities were fixed in 1.7.0 on 28-Feb-2018; 1.7.1 was released a few days later including a few additional bug fixes.

Tags: No tags attached.

Relationships

child of 0024186 (closed, dregad): CVE-2018-1000162: XSS vulnerability in Parsedown library

Activities

There are no notes attached to this issue.

Related Changesets

MantisBT: master-2.12 518d7529

2018-03-29 08:16:24

dregad

Update Parsedown to 1.7.1

- Set minimum required version to 1.7.0 in composer.json
- Run composer update
- Updating erusev/parsedown (1.6.3 => 1.7.1)

Fixes 0024186
Affected Issues
0024186, 0024297
mod - composer.json
mod - composer.lock

Issue History

Date Modified Username Field Change
2018-04-13 08:28 dregad New Issue
2018-04-13 08:28 dregad Status new => assigned
2018-04-13 08:28 dregad Assigned To => dregad
2018-04-13 08:28 dregad Issue generated from: 0024186
2018-04-13 08:28 dregad Relationship added child of 0024186
2018-04-13 08:34 dregad Status assigned => resolved
2018-04-13 08:34 dregad Resolution open => fixed
2018-04-13 08:37 dregad Status resolved => closed
2018-04-13 08:38 dregad Fixed in Version => 2.12.1
2019-04-04 03:32 dregad Changeset attached => MantisBT master-2.12 518d7529
2019-04-04 04:24 dregad Issue cloned: 0025675