wiki:SecurityFixes/2018-07-02

[CVE-2018-0499] Incomplete HTML escaping by Xapian::MSet::snippet()

Vulnerable versions: xapian-core 1.4.5 and earlier (back to when this feature was added in development release 1.3.5; 1.2.x doesn't have this method, so isn't vulnerable).

Fixed in xapian-core 1.4.6

Last modified 8 months ago Last modified on 02/07/18 22:34:16