- From: Dan Fabulich <notifications@github.com>
- Date: Wed, 21 Oct 2020 23:49:30 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 22 October 2020 06:49:42 UTC
To emphasize that, if you're using DOMPurify 2.0.16, released Sep 18 2020 (33 days ago), then you missed DOMPurify 2.0.17 released Sep 20 (31 days ago), and you're now vulnerable. It isn't safe to use old versions of DOMPurify; this declarative shadow DOM doesn't fundamentally change that. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-714271965
Received on Thursday, 22 October 2020 06:49:42 UTC