Viewing 4 replies - 1 through 4 (of 4 total)
  • I’m also curious about this. I can’t see any reference to XSS fixes in the changelog.

    Plugin Support Md Mazedul Islam Khan

    (@mazedulislamkhan)

    @rik0399 If you’re running Yoast SEO v5.7.1, please update your plugin to the latest version, 5.8, as it was fixed in the latest version.

    @wpdevuk While the changelog says nothing about this, we can confirm that it has been fixed in Yoast SEO v5.8. We recommend that you update your plugin to the latest version.

    @mazedulislamkhan thanks for the fast response. As someone who manages a lot of sites, I often keep an eye on changelogs to see whether an update is security-related and therefore time-sensitive. Is there a reason this vulnerability is not included? Will future security issues be disclosed publicly, or do we need to rely on third-party sites to alert us? Thank you for all your work.

    We were alerted to this issue after we already fixed it by refactoring that part of Yoast SEO. As a result, there was no specific pull request to resolve this particular issue.

    And as a result of that, when going over the commits to create the changelog, we missed that we fixed this issue in the process.

    We’ll keep an extra eye out for situations like this in the future, so that security fixes are always in the changelog.

    TL;DR: it should have been in the changelog, but we missed that we’d resolved it when writing the changelog. In the future, all (security) fixes will be listed.

  • The topic ‘Cross Scripting Warning’ is closed to new replies.