Vanilla 220.127.116.11 - Security release for old 2.0.18 installs
If you are on 2.0.18 (or any 2.0.* release) and have not yet made the upgrade to 2.1, this would be a great time to get moving! If you're still not ready leave our glorious 2.0 days behind, fear not, the latest security patch is here.
The 2.0 code base is only being given important security patches, and only until the end of 2014.
In this release, we close recently discovered XSS exploits:
- HtmLawed is upgraded and its filtering tightened (thanks @x00 & Psych0tr1a)
- parseJSON() is substituted for eval() in 2 places