v21.2.9
📦 angularView on GitHub →
🐛 5 fixes🔧 1 symbols
Summary
This release focuses on security and stability fixes across core, HTTP, platform-server, and router modules, addressing issues like SSRF bypasses and URL parsing normalization.
🐛 Bug Fixes
- Escaped forward slashes in transfer state to prevent crawler indexing.
- Added CSP nonce support to JsonpClientBackend.
- Prevented execution of 'Don't on Passthru' outside of a reactive context.
- Prevented SSRF bypasses via protocol-relative and backslash URLs.
- Normalized multiple leading slashes in the URL parser.