@@ -353,4 +354,33 @@ Previously in {productname}, the `role` attribute on listbox dialog components w
In {productname} {release-version}, this issue has been addressed by setting the `role` attribute to `combobox` when there are no nested menu items.
-
As a result, screen readers now announce the listbox as a combobox and the menu it opens as a listbox. This improvement ensures that the currently selected value is announced when tabbing to the select box, and the selected items are announced as a listbox.
+
As a result, screen readers now announce the listbox as a combobox and the menu it opens as a listbox. This improvement ensures that the currently selected value is announced when tabbing to the select box, and the selected items are announced as a listbox.
+
+
[[security-fixes]]
+
== Security fixes
+
+
{productname} {release-version} includes two fixes for the following security issues:
+
+
=== HTML entities that were double decoded in `noscript` elements caused an XSS vulnerability.
+
// #TINY-11019
+
+
A https://owasp.org/www-community/attacks/xss/[cross-site scripting] (XSS) vulnerability was discovered in {productname}'s content parsing code. This allowed specially crafted `noscript` elements containing malicious code to be executed when that content was loaded into the editor.
+
+
This vulnerability has been patched in {productname} {release-version}, {productname} 6.8.4 and {productname} 5.11.0 LTS by ensuring that content within `noscript` elements are properly parsed.
NOTE: Tiny Technologies would like to thank link:https://malavkhatri.com/[Malav Khatri (devilbugbounty)] and another reporter for discovering this vulnerability.
+
+
=== It was possible to inject XSS HTML that was not matching the regexp when using the `noneditable_regexp` option.
+
// #TINY-11022
+
+
A https://owasp.org/www-community/attacks/xss/[cross-site scripting] (XSS) vulnerability was discovered in {productname}'s content extraction code. When using the `noneditable_regexp` option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor.
+
+
This vulnerability has been patched in {productname} {release-version}, {productname} 6.8.4 and {productname} 5.11.0 LTS by ensuring that, when using the `noneditable_regexp` option, any content within an attribute is properly verified to match the configured regular expression before being added.
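Review bot: two wording problems in the added fix paragraphs. In the `noscript` entry, "ensuring that content within `noscript` elements are properly parsed" has a singular subject and should read "is properly parsed"; in the `noneditable_regexp` entry, "were able to be executed" reads more cleanly as "could be executed". The two new `===` headings ("...caused an XSS vulnerability." and "...when using the `noneditable_regexp` option.") end with a full stop, which `== Security fixes` and the existing headings in this file do not; drop the trailing periods for consistency. Each entry records only the internal ticket as an AsciiDoc comment (`// #TINY-11019`, `// #TINY-11022`) and gives readers no public reference; consider adding a link to the corresponding security advisory for each fix once one is published, since a comment is not rendered and cannot be followed from the release notes. Finally, the `-`/`+` pair around "As a result, screen readers now announce the listbox as a combobox..." shows no visible text difference, so it is presumably a whitespace-only change; worth confirming it is intentional rather than an accidental re-wrap.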