v5.0.2

@OtterleyW OtterleyW released this 26 Nov 12:22
· 1380 commits to master since this release
471fe2a

v5.0.1 Changes

  • [fix] Fix an XSS vulnerability on SearchPage, where the URL param 'address' was exposed directly to
    the schema, which is just a script tag: <script type="application/ld+json">. On the server side, this
    could leak malformed HTML through to browsers and made it possible to inject own script tags.

    However, CSP prevents any data breach: injected JS can't send data to unknown 3rd-party sites.

    NOTE: Check that REACT_APP_CSP is in block mode in your production environment. You can read more
    in the Flex docs: https://www.sharetribe.com/docs/guides/how-to-set-up-csp-for-ftw/
    #62

  • [fix] Add missing translation key EditListingDescriptionPanel.createListingTitle and change link
    name in UserNav. #62
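
The SearchPage fix above concerns a URL parameter reaching a <script type="application/ld+json"> element unescaped. The following is an added example, not the project's own code or its actual fix: the function names, the schema object and the sample address are constructed, and rewriting HTML-significant characters as \uXXXX escapes is one common way to serialize JSON safely into a script element.

```javascript
// Added example: function names, schema and sample input are constructed.
const JSON_LD_ESCAPES = {
  '<': '\\u003c',
  '>': '\\u003e',
  '&': '\\u0026',
  '\u2028': '\\u2028',
  '\u2029': '\\u2029',
};

// Vulnerable pattern: JSON.stringify leaves "<" and "/" as-is, so a value
// containing "</script>" ends the JSON-LD element during HTML parsing.
function renderJsonLdUnsafe(schema) {
  return `<script type="application/ld+json">${JSON.stringify(schema)}</script>`;
}

// Hardened pattern: replace HTML-significant characters with JSON unicode
// escapes. JSON parsers decode them back, so the data itself is unchanged.
function renderJsonLdSafe(schema) {
  const json = JSON.stringify(schema).replace(
    /[<>&\u2028\u2029]/g,
    c => JSON_LD_ESCAPES[c]
  );
  return `<script type="application/ld+json">${json}</script>`;
}

// Count closing script tags the HTML parser would see in the markup.
function countScriptCloses(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Return what the HTML parser treats as the JSON-LD element's content:
// everything up to the first "</script" after the opening tag.
function extractPayload(html) {
  const open = '<script type="application/ld+json">';
  const start = html.indexOf(open) + open.length;
  return html.slice(start, html.indexOf('</script', start));
}

// Constructed sample: an 'address' URL param value carrying markup.
const address = 'Helsinki</script><script>/* injected */</script>';
const schema = {
  '@context': 'http://schema.org',
  '@type': 'SearchResultsPage',
  description: `Search results for ${address}`,
};

console.log(countScriptCloses(renderJsonLdUnsafe(schema))); // 3
console.log(countScriptCloses(renderJsonLdSafe(schema)));   // 1
```

With the hardened serializer the element contains exactly one closing tag, and parsing its payload yields the original description string.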