Changelog for
ruby2.7-rubygem-loofah-2.22.0-150400.55.3.x86_64.rpm :
* Tue Nov 14 2023 dan.cermakAATTposteo.net- ## 2.22.0 / 2023-11-13 [#]## Added
* A `:targetblank` HTML scrubber which ensures all hyperlinks have `target=\"_blank\"`. [#275] AATTstefannibrasil and AATTthdaraujo
* A `:noreferrer` HTML scrubber which ensures all hyperlinks have `rel=noreferrer`, similar to the `:nofollow` and `:noopener` scrubbers. [#277] AATTwynksaiddestroy
* Fri Nov 03 2023 dan.cermakAATTposteo.net- ## 2.21.4 / 2023-10-10 [#]## Fixed
* `Loofah::HTML5::Scrub.scrub_css` is more consistent in preserving whitespace (and lack of whitespace) in CSS property values. In particular, `.scrub_css` no longer inserts whitespace between tokens that did not already have whitespace between them. [[#273](https://github.com/flavorjones/loofah/issues/273), fixes [#271](https://github.com/flavorjones/loofah/issues/271)] [#]# 2.21.3 / 2023-05-15 [#]## Fixed
* Quash \"instance variable not initialized\" warning in Ruby < 3.0. [[#268](https://github.com/flavorjones/loofah/issues/268)] (Thanks, [AATTdharamgollapudi](https://github.com/dharamgollapudi)!) [#]# 2.21.2 / 2023-05-11 [#]## Dependencies
* Update the dependency on Nokogiri to be `>= 1.12.0`. The dependency in 2.21.0 and 2.21.1 was left at `>= 1.5.9` but versions before 1.12 would result in a `NameError` exception. [[#266](https://github.com/flavorjones/loofah/issues/266)] [#]# 2.21.1 / 2023-05-10 [#]## Fixed
* Don\'t define `HTML5::Document` and `HTML5::DocumentFragment` when Nokogiri is `< 1.14`. In 2.21.0 these classes were defined whenever `Nokogiri::HTML5` was defined, but Nokogiri v1.12 and v1.13 do not support Loofah subclassing properly. [#]# 2.21.0 / 2023-05-10 [#]## HTML5 Support Classes `Loofah::HTML5::Document` and `Loofah::HTML5::DocumentFragment` are introduced, along with helper methods:- `Loofah.html5_document`- `Loofah.html5_fragment`- `Loofah.scrub_html5_document`- `Loofah.scrub_html5_fragment` These classes and methods use Nokogiri\'s HTML5 parser to ensure modern web standards are used. ⚠ HTML5 functionality is only available with Nokogiri v1.14.0 and higher. ⚠ HTML5 functionality is not available for JRuby. Please see [this upstream Nokogiri issue](https://github.com/sparklemotion/nokogiri/issues/2227) if you\'re interested in helping implement and support HTML5 support. [#]## `Loofah::HTML4` module and namespace `Loofah::HTML` has been renamed to `Loofah::HTML4`, and `Loofah::HTML` is aliased to preserve backwards-compatibility. `Nokogiri::HTML` and `Nokogiri::HTML4` parse methods still use libxml2\'s (or NekoHTML\'s) HTML4 parser. Take special note that if you rely on the class name of an object in your code, objects will now report a class of `Loofah::HTML4::Foo` where they previously reported `Loofah::HTML::Foo`. Instead of relying on the string returned by `Object#class`, prefer `Class#===` or `Object#is_a?` or `Object#instance_of?`. Future releases of Nokogiri may deprecate `HTML` classes and methods or otherwise change this behavior, so please start using `HTML4` in place of `HTML`. [#]## Official support for JRuby This version introduces official support for JRuby. Previously, the test suite had never been green due to differences in behavior in the underlying HTML parser used by Nokogiri. We\'ve updated the test suite to accommodate those differences, and have added JRuby to the CI suite. [#]# 2.20.0 / 2023-04-01 [#]## Features
* Allow SVG attributes `color-profile`, `cursor`, `filter`, `marker`, and `mask`. [[#246](https://github.com/flavorjones/loofah/issues/246)]
* Allow SVG elements `altGlyph`, `cursor`, `feImage`, `pattern`, and `tref`. [[#246](https://github.com/flavorjones/loofah/issues/246)]
* Allow protocols `fax` and `modem`. [[#255](https://github.com/flavorjones/loofah/issues/255)] (Thanks, [AATTcjba7](https://github.com/cjba7)!)
* Mon Mar 06 2023 paolo.peregoAATTsuse.com- udpated to version 2.19.1 [#]# 2.19.1 / 2022-12-13 [#]## SecurityAddress
* Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information.
* Address CVE-2022-23515, improper neutralization of data URIs. See GHSA-228g-948r-83gx for more information.
* Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm for more information.
* Mon Oct 10 2022 cooloAATTsuse.comupdated to version 2.19.0 see installed CHANGELOG.md [#]# 2.19.0 / 2022-09-14 [#]## Features
* Allow SVG 1.0 color keyword names in CSS attributes. These colors are part of the [CSS Color Module Level 3](https://www.w3.org/TR/css-color-3/#svg-color) recommendation released 2022-01-18. [[#243](https://github.com/flavorjones/loofah/issues/243)]
* Sun May 15 2022 mschnitzerAATTsuse.com- updated to version 2.18.0 [#]## Features
* Allow CSS property `aspect-ratio`. [[#236](https://github.com/flavorjones/loofah/issues/236)] (Thanks, [AATTlouim](https://github.com/louim)!) [#]# 2.17.0 / 2022-04-28 [#]## Features
* Allow ARIA attributes. [[#232](https://github.com/flavorjones/loofah/issues/232), [#233](https://github.com/flavorjones/loofah/issues/233)] (Thanks, [AATTnick-desteffen](https://github.com/nick-desteffen)!)
* Thu Apr 28 2022 cooloAATTsuse.comupdated to version 2.16.0 see installed CHANGELOG.md [#]# 2.16.0 / 2022-04-01 [#]## Features
* Allow MathML elements `menclose` and `ms`, and MathML attributes `dir`, `href`, `lquote`, `mathsize`, `notation`, and `rquote`. [[#231](https://github.com/flavorjones/loofah/issues/231)] (Thanks, [AATTnick-desteffen](https://github.com/nick-desteffen)!) [#]# 2.15.0 / 2022-03-14 [#]## Features
* Expand set of allowed protocols to include `sms:`. [[#228](https://github.com/flavorjones/loofah/issues/228)] (Thanks, [AATTbrendon](https://github.com/brendon)!)
* Thu Mar 03 2022 cooloAATTsuse.comupdated to version 2.14.0 see installed CHANGELOG.md [#]# 2.14.0 / 2022-02-11 [#]## Features
* The `#to_text` method on `Loofah::HTML::{Document,DocumentFragment}` replaces `
` line break elements with a newline. [[#225](https://github.com/flavorjones/loofah/issues/225)]
* Fri Dec 24 2021 mschnitzerAATTsuse.com- updated to version 2.13.0 [#]## Bug fixes
* Loofah::HTML::DocumentFragment#text no longer serializes top-level comment children. [[#221](https://github.com/flavorjones/loofah/issues/221)]
* Wed Aug 25 2021 mschnitzerAATTsuse.com- updated to version 2.12.0 [#]# 2.12.0 / 2021-08-11 [#]## Features
* Support empty HTML5 data attributes. [[#215](https://github.com/flavorjones/loofah/issues/215)] [#]# 2.11.0 / 2021-07-31 [#]## Features
* Allow HTML5 element `wbr`.
* Allow all CSS property values for `border-collapse`. [[#201](https://github.com/flavorjones/loofah/issues/201)] [#]## Changes
* Deprecating `Loofah::HTML5::SafeList::VOID_ELEMENTS` which is not a canonical list of void HTML4 or HTML5 elements.
* Removed some elements from `Loofah::HTML5::SafeList::VOID_ELEMENTS` that either are not acceptable elements or aren\'t considered \"void\" by libxml2.
* Thu Jun 24 2021 cooloAATTsuse.comupdated to version 2.10.0 see installed CHANGELOG.md [#]# 2.10.0 / 2021-06-06 [#]## Features
* Allow CSS properties `overflow-x` and `overflow-y`. [[#206](https://github.com/flavorjones/loofah/issues/206)] (Thanks, [AATTsampokuokkanen](https://github.com/sampokuokkanen)!)
* Tue Apr 20 2021 mschnitzerAATTsuse.com- updated to version 2.9.1 [#]## Bug fixes
* Fix a regression in v2.9.0 which inappropriately removed CSS properties with quoted string values. [[#202](https://github.com/flavorjones/loofah/issues/202)]
* Wed Jan 20 2021 mschnitzerAATTsuse.com- updated to version 2.9.0
* Handle CSS functions in a CSS shorthand property (like `background`). [[#199](https://github.com/flavorjones/loofah/issues/199), [#200](https://github.com/flavorjones/loofah/issues/200)]
* Fri Dec 11 2020 mschnitzerAATTsuse.com- updated to version 2.8.0
* Allow CSS properties `order`, `flex-direction`, `flex-grow`, `flex-wrap`, `flex-shrink`, `flex-flow`, `flex-basis`, `flex`, `justify-content`, `align-self`, `align-items`, and `align-content`. [[#197](https://github.com/flavorjones/loofah/issues/197)] (Thanks, [AATTmiguelperez](https://github.com/miguelperez)!)
* Sat Sep 12 2020 mschnitzerAATTsuse.com- updated to version 2.7.0 [#]## Features
* Allow CSS properties `page-break-before`, `page-break-inside`, and `page-break-after`. [[#190](https://github.com/flavorjones/loofah/issues/190)] (Thanks, [AATTahorek](https://github.com/ahorek)!) [#]## Fixes
* Don\'t drop the `!important` rule from some CSS properties. [[#191](https://github.com/flavorjones/loofah/issues/191)] (Thanks, [AATTb7kich](https://github.com/b7kich)!)
* Thu Jun 25 2020 mschnitzerAATTsuse.com- updated to version 2.6.0
* Allow CSS border-style keywords. [#188] (Thanks, AATTtarcisiozf!)
* Mon Apr 27 2020 mschnitzerAATTsuse.com- updated to version 2.5.0 [#]## Features
* Allow more CSS length units: \"ch\", \"vw\", \"vh\", \"Q\", \"lh\", \"vmin\", \"vmax\". [#178] (Thanks, AATTJuanitoFatas!) [#]## Fixes
* Remove comments from `Loofah::HTML::Document`s that exist outside the `html` element. [#80] [#]## Other changes
* Gem metadata being set [#181] (Thanks, AATTJuanitoFatas!)
* Test files removed from gem file [#180,#166,#159] (Thanks, AATTJuanitoFatas and AATTgreysteil!)
* Thu Nov 28 2019 mschnitzerAATTsuse.com- updated to version 2.4.0 [#]## Features
* Allow CSS property `max-width` [#175] (Thanks, AATTbchaney!)
* Allow CSS sizes expressed in `rem` [#176, #177]
* Add `frozen_string_literal: true` magic comment to all `lib` files. [#118]
* Tue Nov 12 2019 mschnitzerAATTsuse.com- updated to version 2.3.1 Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This CVE\'s public notice is at #171
* Tue Nov 06 2018 mschnitzerAATTsuse.com- updated to version 2.2.3 [#]## Security (bsc#1113969, CVE-2018-16468) Address CVE-2018-16468: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. This CVE\'s public notice is at https://github.com/flavorjones/loofah/issues/154 [#]# Meta / 2018-10-27 The mailing list is now on Google Groups [#146](https://github.com/flavorjones/loofah/issues/146):
* Mail: loofah-talkAATTgooglegroups.com
* Archive: https://groups.google.com/forum/#!forum/loofah-talk This change was made because librelist no longer appears to be maintained.
* Fri Mar 23 2018 dkangAATTsuse.com- update to version 2.2.2
* Make public Loofah::HTML5::Scrub.force_correct_attribute_escaping!, which was previously a private method. This is so that downstream gems (like rails-html-sanitizer) can use this logic directly for their own attribute scrubbers should they need to address CVE-2018-8048. fix bsc#1086598
* Tue Mar 20 2018 dkangAATTsuse.com- Update to version 2.2.1 Fix XSS Vulnerability [CVE-2018-8048] fix bsc#1085967
* Thu Feb 15 2018 mrueckertAATTsuse.de- also set a description again
* Mon Feb 12 2018 bgeukenAATTsuse.com- Update to version 2.2.0 Features:
* Support HTML5
tag. #133 (Thanks, AATTMothOnMars!)
* Recognize HTML5 block elements. #136 (Thanks, AATTMothOnMars!)
* Support SVG tag. #131 (Thanks, AATTbaopham!)
* Support for whitelisting CSS functions, initially just calc and rgb. #122/#123/#129 (Thanks, AATTNikoRoberts!)
* Whitelist CSS property list-style-type. #68/#137/#142 (Thanks, AATTandela-ysanni and AATTNikoRoberts!) Bugfixes:
* Properly handle nested script tags. #127.
* Fri Oct 13 2017 mschnitzerAATTsuse.com- updated to version 2.1.1 2.1.1 / 2017-09-24 Bugfixes:
* Removed warning for unused variable. #124 (Thanks, AATTy-yagi!)
* Tue Aug 18 2015 cooloAATTsuse.com- updated to version 2.0.3 see installed CHANGELOG.rdoc == 2.0.3 / 2015-08-17 Bug fixes:
* Revert support for negative values in CSS properties due to slow performance. #90 (Related to #85.)
* Wed May 06 2015 cooloAATTsuse.com- updated to version 2.0.2 see installed CHANGELOG.rdoc == 2.0.2 / 2015-05-05 Bug fixes:
* Fix error with `#to_text` when Loofah::Helpers hadn\'t been required. #75
* Allow multi-word data attributes. #84 (Thanks, AATTjstorimer!)
* Allow negative values in CSS properties. #85 (Thanks, AATTsiddhartham!)
* Wed Nov 12 2014 cooloAATTsuse.com- updated to version 2.0.1 Bug fixes:
* Load RR correctly when running test files directly. (Thanks, AATTktdreyer!) Notes:
* Extracted HTML5::Scrub#scrub_css_attribute to accommodate the Rails integration work. (Thanks, AATTkaspth!)
* Mon Oct 13 2014 cooloAATTsuse.com- adapt to new rubygem packaging
