Update to HTMLPurifier 4.6.0

Bug #1266976 reported by Aaron Wells on 2014-01-08
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Mahara
High
Robert Lyon
1.6
High
Unassigned
1.7
High
Unassigned
1.8
High
Unassigned

Bug Description

HTMLPurifier 4.6.0 came out in November 30, and it's a security release. So, we should update our version to that, and since it's a security release we should also backport it to 1.6, 1.7, and 1.8.

http://htmlpurifier.org/news/

CVE References

Reviewed: https://reviews.mahara.org/2909
Committed: http://gitorious.org/mahara/mahara/commit/b1211089e661ce6f9b7de8aade0e86a7dbeaa136
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit b1211089e661ce6f9b7de8aade0e86a7dbeaa136
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Patch for "1.7_STABLE" branch: https://reviews.mahara.org/2925

Mahara Bot (dev-mahara) wrote :

Patch for "1.6_STABLE" branch: https://reviews.mahara.org/2926

Reviewed: https://reviews.mahara.org/2924
Committed: http://gitorious.org/mahara/mahara/commit/67d9f6066bef9b7f294694820691c769ee9bbaff
Submitter: Aaron Wells (<email address hidden>)
Branch: 1.8_STABLE

commit 67d9f6066bef9b7f294694820691c769ee9bbaff
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/2925
Committed: http://gitorious.org/mahara/mahara/commit/130c441ac9a50ad251dd08912e71e27c07781da3
Submitter: Aaron Wells (<email address hidden>)
Branch: 1.7_STABLE

commit 130c441ac9a50ad251dd08912e71e27c07781da3
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Mahara Bot (dev-mahara) wrote :

Reviewed: https://reviews.mahara.org/2926
Committed: http://gitorious.org/mahara/mahara/commit/9ad29e96607b671b7c4a51fc7e5cef826e130635
Submitter: Aaron Wells (<email address hidden>)
Branch: 1.6_STABLE

commit 9ad29e96607b671b7c4a51fc7e5cef826e130635
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2014-04-03
no longer affects: mahara/1.9
Robert Lyon (robertl-9) on 2014-04-22
Changed in mahara:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers