Context Navigation

Changeset 3219730

Timestamp:

01/09/2025 03:42:11 PM (14 months ago)

Author:

tinuzz

Message:

Release v5.0.3

Location:

trackserver/trunk

Files:

-                      r2860786
+                      r3219730
         $class_str = '';
         if ( count( $classes ) ) {
             $class_str = 'class="' . implode( ' ', $classes ) . '"';
+            $class_str = 'class="' . esc_attr( implode( ' ', $classes ) ) . '"';
+        }
 …
         $class_str = '';
         if ( $atts['class'] ) {
             $class_str = 'class="' . htmlspecialchars( $atts['class'] ) . '"';
+            $class_str = 'class="' . esc_attr( $atts['class'] ) . '"';
+        }

-                      r3151401
+                      r3219730
 Tags: gps, gpx, map, leaflet, track, mobile, tracking
 Requires at least: 4.7
 Tested up to: 6.6
+Tested up to: 6.7
 Stable tag: trunk
 License: GPLv2 or later
 …
 == Changelog ==
+= v5.0.3 =
+Release date: 09 January 2025
+Fixed:
+* XSS in the 'tsmap' shortcode handler (CVE-2024-12505).
 = v5.0.2 =

-                      r2874962
+                      r3219730
 Plugin URI: https://www.grendelman.net/wp/trackserver-wordpress-plugin/
 Description: GPS Track Server for TrackMe, OruxMaps and others
 Version: 5.0.2
+Version: 5.0.3
 Author: Martijn Grendelman
 Author URI: http://www.grendelman.net/
 …
 === RELEASE HISTORY ===
+-01-09 - v5.0.3 - fix XSS in shortcode, reported by yudha @ Wordfence
 -03-05 - v5.0.2 - Bugfix
 -02-06 - v5.0  - new features, code refactoring, leaflet 1.9.3

Note: See TracChangeset for help on using the changeset viewer.