Skip to content

October 2020
Compare
Choose a tag to compare
@hohMiyazawa hohMiyazawa released this 01 Oct 22:22
· 1223 commits to master since this release
v9.94
0155dbb

A XSS vulnerability was found in version 2.0.7 of the library DOMpurify, which Automail uses.

This does not directly affect Automail, since the HTML I'm serving is the one provided by the Anilist API, which is what Anilist itself uses. That means if there's a vulnerability in that HTML, native Anilist has that vulnerability too, so Automail isn't adding any additional risk.

Nevertheless, I'm adding a new release here to match the new Firefox addon release of Automail, which uses DOMpurify 2.1.1

Assets 4
Loading