Grav/system at a4c3a3af6df764a3f2cfed5b5931493a95cc5248 - Grav

mirror of https://github.com/getgrav/grav.git synced 2026-03-01 18:11:25 +01:00

Files

Andy Miller a4c3a3af6d Add isindex to XSS dangerous tags (CVE-2023-31506 / GHSA-h85h-xm8x-vfw7)

The original CVE-2023-31506 fix missed the deprecated <isindex> HTML tag,
which can still be used for XSS via event handlers like onmouseover.

The <isindex> tag is deprecated in HTML5 and has no legitimate modern use.

2025-11-29 21:07:23 -07:00

assets

fixed for tests

2025-04-01 17:03:42 -06:00

blueprints

Fix email disclosure in user edit page title (GHSA-4cwq-j7jv-qmwg)

2025-11-29 18:27:08 -07:00

config

Add isindex to XSS dangerous tags (CVE-2023-31506 / GHSA-h85h-xm8x-vfw7)

2025-11-29 21:07:23 -07:00

images

Watermark Media Action (#3308 )

2021-10-21 06:31:33 -06:00

languages

added configurable snapshot pruning amount

2025-11-14 11:33:07 +00:00

pages

Do not cache 404 [#3025 ]

2020-10-05 11:16:17 +03:00

src

Merge branch 'fix/GHSA-x62q-p736-3997-GHSA-gq3g-666w-7h85-admin-security' into 1.8

2025-11-29 17:52:03 -07:00

templates

Fixed issue with content-security-policy not being properly supported with http-equiv + support single quotes

2021-02-08 11:45:22 -07:00

defines.php

prepare beta release

2025-11-29 11:02:20 -07:00

install.php

preflight integration for cli

2025-11-14 11:32:58 +00:00

recovery.php

support labels in recovery mode

2025-10-19 21:44:29 -06:00

rector.php

rector casting clarity

2025-09-20 22:49:21 -06:00

router.php

PHP 8.2+ fixes

2025-09-20 22:12:55 -06:00