Upgrade TinyMCE to address GHSA-27gm-ghr9-4v95

plone / plone.staticresources

Static resources for Plone

https://pypi.org/project/plone.staticresources/

5 stars 12 forks source link

Upgrade TinyMCE to address GHSA-27gm-ghr9-4v95 #129

Closed nutjob4life closed 1 year ago

nutjob4life commented 3 years ago

Another vulnerability scan has shown that the TinyMCE component in plone.staticresources suffers fro Github vulnerabiltiy GHSA-27gm-ghr9-4v95. The suggested mitigation is to upgrade to TinyMCE 4.9.7 or 5.1.4.

The Prisma Cloud scan details are as follows:

Vulnerability ID: GHSA-27gm-ghr9-4v95
Severity: high
Package: tinymce
Version: 4.6.2
Fix status: Fixed in 5.1.4, 4.9.7

frapell commented 1 year ago

We are now on 5.10.2, I believe this can be closed