Laravel 7.1.2 is released to address a possible XSS related attack vector in Blade Components

News

March 13th, 2020

Laravel 7.1.2 is released to address a possible XSS related attack vector in Blade Components

Laravel v7.1.2 has just been tagged and released to address a security issue in the Blade Component tag attributes:

Today we released Laravel 7.1.2 to address a possible XSS related attack vector in the Laravel 7.x Blade Component tag attributes when users are allowed to dictate the value of attributes. All Laravel 7.x users are encouraged to upgrade as soon as possible.

We would like to thank community member Anders Fajerson for bringing this to our attention.

It’s recommended everyone update as soon as possible. Typically just a composer update laravel/framework if you are running any version of Laravel 7.

Filed in:

News
Eric L. Barnes

Eric is the creator of Laravel News and has been covering Laravel since 2012.

Laravel News Partners

Newsletter

Join 33,000+ others and never miss out on new tips, tutorials, and more.

Laravel Jobs

The official Laravel job board connecting the best jobs with top talent.

View All Jobs
PHP/Laravel Engineer Senior Full Stack Engineer Backend Engineer Full Stack Laravel Developer Full Stack Laravel Developer Full-stack developer Lead Full Stack Software Engineer Full-Stack Web Developer Backend / Fullstack Developer - PHP & Laravel Senior Backend Developer Full-Stack Engineer: Laravel + Vue (Series A Startup) Senior Product Engineer Senior Programmer **Immediate Opening** (send resume to daniel@sbgcorp.com) PHP/Laravel Developer Senior Developer - Laravel/PHP - AI Startup for WordPress

Most recent