Summernote update due to security issues and the danger of xss

Is there the possibility we get an update for Summernote?
It is natively in Wappler with version 0.8.21-beta.2.
The problem about this:
There are several XSS problems in this version as stated here: Cross-site Scripting (XSS) in summernote | CVE-2024-37629 | Snyk and here: SummerNote 0.8.18+ is vulnerable to Cross Site Scripting (XSS) via the Insert Link Function · Issue #4646 · summernote/summernote · GitHub.

I know there should be always a sanitization of the HTML on the server side. Still, we can prevent it already (at least somehow) on the frontend with the new update of 0.91.

Cheers! :slight_smile:

Summernote has been updated to the latest version now.

This topic was automatically closed after 12 hours. New replies are no longer allowed.