This is a bit of an out of the ordinary release. Two security issues were discovered by @arkark where an app that uses dangerouslySetInnerHTML could lead to a prototype pollution vulnerability. We recommend every Fresh user to upgrade as soon as possible.
What's Changed
- fix: prototype pollution in deserializer by @lucacasonato in #2255
- fix:
__FRSH_STATEpotentially being overwritten by user code by @marvinhagemeister in #2256
Full Changelog: 1.6.2...1.6.3