Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #47603 postcss: 8.4.49, 8.5.1, 8.5.3, 8.5.6, 8.5.8 -> 8.5.12
    Infos
    #47603
    Joris MASSON (jmasson)
    2026-04-28 17:41
    2026-04-27 11:25
    49330
    Details
    postcss: 8.4.49, 8.5.1, 8.5.3, 8.5.6, 8.5.8 -> 8.5.12

    Fixes CVE-2026-41305 (See advisory: https://github.com/advisories/GHSA-qx2v-qp2m-jg93)

    Tuleap is not affected by it because we always use a bundler, and never output user-controlled CSS parsed by PostCSS into <style> HTML tag.

    Changelog: https://github.com/postcss/postcss/blob/8.5.12/CHANGELOG.md#8512

    Dev tools
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Joris MASSON (jmasson)
    Closed
    2026-04-27
    Attachments
    Empty
    References
    Referenced by request #47603

    Artifact

    rel #47138 17.6

    Other

    gerrit #37556
    Display settings

    Follow-ups