CVE-2022-2113: Back porting of security patches (#3197) · inventree/InvenTree@26bf51c
Cross-site Scripting (XSS) - Stored in GitHub repository inventree/inventree prior to 0.7.2.
Back porting of security patches (#3197)
* Merge pull request from GHSA-fr2w-mp56-g4xp
* Enforce file download for attachments table(s)
* Enforce file download for attachment in ‘StockItemTestResult’ table
(cherry picked from commit 76aa3a7)
* Merge pull request from GHSA-7rq4-qcpw-74gq
* Merge pull request from GHSA-rm89-9g65-4ffr
* Enable HTML escaping for all tables by default
* Enable HTML escaping for all tables by default
* Adds automatic escaping for bootstrap tables where custom formatter function is specified
- Intercept the row data *before* it is provided to the renderer function
- Adds a function for sanitizing nested data structure
* Sanitize form data before processing
(cherry picked from commit cd418d6)
* Increment version number for release
* Fix sanitization for array case - was missing a return value
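The escaping approach the commit message describes (sanitize nested row data before a custom formatter sees it, including the array case), as an added sketch that is not InvenTree's own code. The names `escapeHtml`, `sanitizeData`, `wrapFormatter` and the sample row are hypothetical; the formatter arguments follow bootstrap-table's `(value, row, index, field)` convention.

```javascript
// Added illustration; all function names here are hypothetical, not InvenTree's.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape the characters that let a string break out of HTML text or attribute context.
function escapeHtml(text) {
    return text.replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Recursively escape every string inside JSON-like data (objects, arrays, scalars).
// Returns a new structure; the input is not mutated. Object keys are left as-is.
function sanitizeData(value) {
    if (typeof value === 'string') {
        return escapeHtml(value);
    }
    if (Array.isArray(value)) {
        // This branch must return the mapped copy; without the return,
        // every array field would come back as undefined.
        return value.map(sanitizeData);
    }
    if (value !== null && typeof value === 'object') {
        const clean = {};
        for (const [key, item] of Object.entries(value)) {
            clean[key] = sanitizeData(item);
        }
        return clean;
    }
    return value; // numbers, booleans, null, undefined pass through
}

// Wrap a custom column formatter so it only ever receives sanitized data.
function wrapFormatter(formatter) {
    return (value, row, index, field) =>
        formatter(sanitizeData(value), sanitizeData(row), index, field);
}

// Constructed sample row, standing in for data returned by the API.
const sampleRow = {
    pk: 7,
    name: '<script>alert(1)</script>',
    tags: ['<b>bold</b>', 'ok'],
    part: { description: '"quoted" & <script>' },
};

// A formatter that builds HTML itself; the wrapper keeps user data inert.
const renderName = wrapFormatter((value, row) => `<a href="/part/${row.pk}/">${value}</a>`);
```

The markup the formatter builds itself stays live, while anything taken from the row is rendered as text.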