From d4f260570abd934fcf3819370a135bef33d729b7 Mon Sep 17 00:00:00 2001
From: Oliver Hader <oliver@typo3.org>
Date: Tue, 13 Sep 2022 10:10:37 +0200
Subject: [PATCH] [SECURITY] Upgrade to typo3/html-sanitizer v2.0.16
see https://github.com/TYPO3/html-sanitizer/releases/tag/v2.0.16
composer req masterminds/html5:^2.7.6 typo3/html-sanitizer:^2.0.16
composer req masterminds/html5:^2.7.6 typo3/html-sanitizer:^2.0.16 \
 -d typo3/sysext/core --no-update
Resolves: #98340
Releases: main, 11.5, 10.4
Change-Id: I254ea25410e01f7610b0c4ef8b83441ab216f1ca
Security-Bulletin: TYPO3-CORE-SA-2022-011
Security-References: CVE-2022-36020
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75720
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
---
 composer.json | 4 ++--
 composer.lock | 28 ++++++++++++++--------------
 typo3/sysext/core/composer.json | 4 ++--
 3 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/composer.json b/composer.json
index a23afbdeaad0..b5d2083ed575 100644
--- a/composer.json
+++ b/composer.json
@@ -59,7 +59,7 @@
 "guzzlehttp/promises": "^1.4.0",
 "guzzlehttp/psr7": "^1.8.5 || ^2.1.2",
 "lolli42/finediff": "^1.0.2",
- "masterminds/html5": "^2.7.5",
+ "masterminds/html5": "^2.7.6",
 "nikic/php-parser": "^4.14.0",
 "phpdocumentor/reflection-docblock": "^5.2",
 "phpdocumentor/type-resolver": "^1.4",
@@ -91,7 +91,7 @@
 "typo3/class-alias-loader": "^1.1.4",
 "typo3/cms-cli": "^3.1",
 "typo3/cms-composer-installers": "^2.0 || ^3.0 || ^4.0",
- "typo3/html-sanitizer": "^2.0.15",
+ "typo3/html-sanitizer": "^2.0.16",
 "typo3fluid/fluid": "^2.7.2"
 },
 "require-dev": {
diff --git a/composer.lock b/composer.lock
index ca0debf54732..0183e0cb621b 100644
--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "5ab86abf9ebae977f6fb558e8c68b063", + "content-hash": "51ec4a5a4db76370664064eb7ef9751c", "packages": [ { "name": "bacon/bacon-qr-code", @@ -1156,16 +1156,16 @@ }, { "name": "masterminds/html5", - "version": "2.7.5", + "version": "2.7.6", "source": { "type": "git", "url": "https://github.com/Masterminds/html5-php.git", - "reference": "f640ac1bdddff06ea333a920c95bbad8872429ab" + "reference": "897eb517a343a2281f11bc5556d6548db7d93947" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Masterminds/html5-php/zipball/f640ac1bdddff06ea333a920c95bbad8872429ab", - "reference": "f640ac1bdddff06ea333a920c95bbad8872429ab", + "url": "https://api.github.com/repos/Masterminds/html5-php/zipball/897eb517a343a2281f11bc5556d6548db7d93947", + "reference": "897eb517a343a2281f11bc5556d6548db7d93947", "shasum": "" }, "require": { @@ -1219,9 +1219,9 @@ ], "support": { "issues": "https://github.com/Masterminds/html5-php/issues", - "source": "https://github.com/Masterminds/html5-php/tree/2.7.5" + "source": "https://github.com/Masterminds/html5-php/tree/2.7.6" }, - "time": "2021-07-01T14:25:37+00:00" + "time": "2022-08-18T16:18:26+00:00" }, { "name": "nikic/php-parser", 
@@ -4168,21 +4168,21 @@ }, { "name": "typo3/html-sanitizer", - "version": "v2.0.15", + "version": "v2.0.16", "source": { "type": "git", "url": "https://github.com/TYPO3/html-sanitizer.git", - "reference": "f9d501a9b8422df2aff4ce8f23684bb47e55f3c7" + "reference": "60bfdc7f9b394d0236e16ee4cea8372a7defa493" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/TYPO3/html-sanitizer/zipball/f9d501a9b8422df2aff4ce8f23684bb47e55f3c7", - "reference": "f9d501a9b8422df2aff4ce8f23684bb47e55f3c7", + "url": "https://api.github.com/repos/TYPO3/html-sanitizer/zipball/60bfdc7f9b394d0236e16ee4cea8372a7defa493", + "reference": "60bfdc7f9b394d0236e16ee4cea8372a7defa493", "shasum": "" }, "require": { "ext-dom": "*", - "masterminds/html5": "^2.7", + "masterminds/html5": "^2.7.6", "php": "^7.2 || ^8.0", "psr/log": "^1.0 || ^2.0 || ^3.0" }, @@ -4213,9 +4213,9 @@ "description": "HTML sanitizer aiming to provide XSS-safe markup based on explicitly allowed tags, attributes and values.", "support": { "issues": "https://github.com/TYPO3/html-sanitizer/issues", - "source": "https://github.com/TYPO3/html-sanitizer/tree/v2.0.15" + "source": "https://github.com/TYPO3/html-sanitizer/tree/v2.0.16" }, - "time": "2022-07-27T18:38:57+00:00" + "time": "2022-09-13T07:29:06+00:00" }, { "name": "typo3fluid/fluid",
diff --git a/typo3/sysext/core/composer.json b/typo3/sysext/core/composer.json
index 33018e82b70c..2b89acc1a726 100644
--- a/typo3/sysext/core/composer.json
+++ b/typo3/sysext/core/composer.json
@@ -41,7 +41,7 @@
 "guzzlehttp/guzzle": "^7.4.5",
 "guzzlehttp/psr7": "^1.8.5 || ^2.1.2",
 "lolli42/finediff": "^1.0.2",
- "masterminds/html5": "^2.7.5",
+ "masterminds/html5": "^2.7.6",
 "nikic/php-parser": "^4.14.0",
 "psr/container": "^2.0",
 "psr/event-dispatcher": "^1.0",
@@ -68,7 +68,7 @@
 "typo3/class-alias-loader": "^1.1.4",
 "typo3/cms-cli": "^3.1",
 "typo3/cms-composer-installers": "^2.0 || ^3.0 || ^4.0",
- "typo3/html-sanitizer": "^2.0.15",
+ "typo3/html-sanitizer": "^2.0.16",
 "typo3fluid/fluid": "^2.7.2"
 },
 "suggest": {
-- GitLab