[8.0.4] - 2024-02-17
Identity Server 8.0.4 is a security release that addresses hundreds of security vulnerabilities in the IdentityServer8 code base. We recommend that you update to this version.
- Fix over 100+ security vulnerabilities in the IdentityServer8 code base:
- #17 Unsafe expansion of self-closing HTML tag
- #18 URL redirection from remote source
- #19 DOM text reinterpreted as HTML
- #20 Incomplete string escaping or encoding
- #21 Inefficient regular expression bug dependencies
- #22 Bad HTML filtering regexp bug dependencies
- #23 User-controlled bypass of sensitive method bug
- #24 Unsafe jQuery plugins bug dependencies
What's Changed
- Release/8.0.2 by @alexhiggins732 in #12
- Bump the npm_and_yarn group across 2 directories with 10 updates by @dependabot in #13
- Release/8.0.3 by @alexhiggins732 in #14
- Feature/upgrade old clients to dotnet8 by @alexhiggins732 in #15
- Feature/implicit usings by @alexhiggins732 in #16
- Feature/implicit usings - Add Implicit usings and DotNet8 style packaging and code to Samples by @alexhiggins732 in #28
- Code Cleanup by @alexhiggins732 in #33
- Identity Server 8 - Release/8.0.4 by @alexhiggins732 in #34
Full Changelog: 8.0.2...8.0.4
Contributors
alexhiggins732 and dependabot
Assets 14
0
Join discussion