Commit Graph

5 Commits

Author SHA1 Message Date
Penar Musaraj f0e73cb126 SECURITY: Bump Handlebars to version 4.1.2
WS-2019-0064: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects prototype, thus allowing an attacker to execute arbitrary code on the server.
2019-06-05 13:54:52 -04:00
Robin Ward adb9009374 SECURITY: Update Handlebars to 4.1
This is to address: https://www.npmjs.com/advisories/755

It is a low priority fix, as Discourse does not allow end users to input
raw handlebars templates.
2019-04-10 15:38:21 -04:00
Penar Musaraj c8c84f462b FIX: use Handlebars 4.0.12
Use 4.0.12 for both versions of Handlebars (runtime and not)
2019-01-14 12:56:14 -05:00
Robin Ward 4bbbdd8dc4 SECURITY: Upgrade Ember to fix CVE-2015-7565. Also upgrade Handlebars 2016-01-15 13:57:45 -05:00
Sam 43d63367fd PERF: stop loading handlebars and ember compilers in prod
(this removes a nice 50K from our initial payload and saves memory)

Also fixes invalid HTML automatically if added to HEAD or /BODY
2015-11-27 11:59:01 +11:00