---
- branch: MAIN
  date: Tue Oct 22 16:24:20 UTC 2019
  files:
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/www/ruby-loofah/Makefile
    pathrev: pkgsrc/www/ruby-loofah/Makefile@1.6
    type: modified
  - new: '1.6'
    old: '1.5'
    path: pkgsrc/www/ruby-loofah/distinfo
    pathrev: pkgsrc/www/ruby-loofah/distinfo@1.6
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/www/ruby-loofah/PLIST
    pathrev: pkgsrc/www/ruby-loofah/PLIST@1.5
    type: modified
  id: 20191022T162420Z.ea2e18850bd44b0f1359b46dae0826b9efb62978
  log: |
    www/ruby-loofah: update to 2.3.1

    ## 2.3.1 / 2019-10-22

    ### Security

    Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized
    output when a crafted SVG element is republished.

    This CVE's public notice is at
    https://github.com/flavorjones/loofah/issues/171

    ## 2.3.0 / unreleased

    ### Features

    * Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
    * Expand set of allowed CSS functions. [related to #122]
    * Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
    * Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
    * Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
    * Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)

    ### Bug fixes

    * CSS hex values are no longer limited to lowercase hex. Previously
      uppercase hex were scrubbed. [#165] (Thanks, @asok!)

    ### Deprecations / Name Changes

    The following method and constants are hereby deprecated, and will be
    completely removed in a future release:

    * Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use
      `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
    * Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use
      `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
    * Deprecate `Loofah::HTML5::WhiteList`, please use
      `Loofah::HTML5::SafeList` instead.

    Thanks to @JuanitoFatas for submitting these changes in #164 and for
    making the language used in Loofah more inclusive.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/www/ruby-loofah'
  unixtime: '1571761460'
  user: taca