packagist league/commonmark 2.8.2

8 hours ago

This is a security release to address an issue where the allowed_domains setting for the Embed extension can be bypassed, resulting in possible SSRF and XSS vulnerabilities.

Fixed

  • Fixed DomainFilteringAdapter hostname boundary bypass where domains like youtube.com.evil could match an allowlist entry for youtube.com (GHSA-hh8v-hgvp-g3f5)

Full Changelog: 2.8.1...2.8.2
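The hostname boundary issue named in the Fixed entry, shown as an added example that is not league/commonmark's own code: an allowlist match with no end-of-host check beside one that only accepts a match on a label boundary. The function names and sample URLs are assumptions made for illustration, and PHP 8.0 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration (PHP 8.0+); function names are hypothetical, not the library's API.

// Weak: the pattern has no end-of-host anchor, so the match succeeds as soon as
// an allowlisted name has been seen, whatever labels follow it.
function prefixMatchAllows(string $url, array $allowedDomains): bool
{
    $alt = implode('|', array_map(fn (string $d): string => preg_quote($d, '/'), $allowedDomains));
    return preg_match('/^https?:\/\/(?:[^.\/]+\.)*(?:' . $alt . ')/i', $url) === 1;
}

// Hardened: parse out the host, then require an exact match or a match that
// starts on a label boundary (a "." immediately before the allowlisted name).
function boundaryMatchAllows(string $url, array $allowedDomains): bool
{
    $parts = parse_url($url);
    if (!is_array($parts) || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = rtrim(strtolower($parts['host']), '.'); // drop a trailing root dot

    foreach ($allowedDomains as $domain) {
        $domain = strtolower($domain);
        if ($host === $domain || str_ends_with($host, '.' . $domain)) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs; the second uses the hostname shape named in the release note.
$allowed = ['youtube.com'];
$samples = [
    'https://youtube.com/watch?v=abc',
    'https://youtube.com.evil/watch?v=abc',
    'https://www.youtube.com/watch?v=abc',
    'https://notyoutube.com/watch?v=abc',
];

foreach ($samples as $url) {
    printf("%-40s prefix=%-5s boundary=%s\n", $url,
        var_export(prefixMatchAllows($url, $allowed), true),
        var_export(boundaryMatchAllows($url, $allowed), true));
}
```

The same two functions can be pointed at an application's own allowlist and a set of known-good and known-bad hostnames as a regression check after upgrading.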
