1 file changed +8 -7 lines changed
22 CSS4J RELEASE NOTES
33 ===================
44
5- Release 1.0.7 - ???? ?? , 2020 [This release is EOL and not formally supported]
5+ Release 1.0.7 - July 28 , 2020 [This release is EOL and not formally supported]
66------------------------------------------------------------------------------
77
88Release Highlights
99------------------
10- This release brings backports of a few bug fixes to the 1.x branch, although
11- users should upgrade to 2.0 or later as soon as possible (1.x is not formally
10+ The 1.x branch is vulnerable to denial of service attacks in var() substitution.
11+ Although this release has mitigation code, a carefully crafted style sheet that
12+ specifically targets css4j could be used to cause a DoS. Therefore, the usage of
13+ 1.x to process untrusted CSS should be avoided.
14+
15+ This release backports a few 2.0 improvements to the 1.x branch, although users
16+ should upgrade to 2.0 or later as soon as possible (1.x is not formally
1217maintained anymore). When upgrading, please keep in mind that 2.x releases
1318require Java 8 or higher.
1419
15- The 1.x branch is vulnerable to denial of service attacks in var() substitution.
16- Although the latest 1.x code has a tentative mitigation, it may not work in all
17- cases and the usage of 1.x to process untrusted CSS should be avoided.
18-
1920
2021Description
2122-----------
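Review bot: the new security paragraph at the top of Release Highlights (added lines 10-13) says 1.x remains exploitable through var() substitution despite the mitigation, but the following paragraph only recommends upgrading to 2.0 or later because 1.x is unmaintained; it never states that 2.x is free of this DoS. If that is the case, say so explicitly next to the warning, so readers processing untrusted CSS know the upgrade is the remedy and not just a maintenance recommendation. It would also help to name the kind of mitigation in this release (for example a limit on substitution) so operators can judge the residual risk. Minor style point: the release header "July 28 , 2020" keeps the stray space before the comma from the old placeholder.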