Funnelback patch 22.214.171.124
Applies to: v15.2.0
Internal reference: SUPPORT-2335, FUN-9496
Table of Contents
Fixes a cross site scripting vulnerability when unescaped HTML was provided to the CheckBlending macro’s linkText attribute.
web/templates/modernui/funnelback.ftl: Fix CheckBlending macro to escape all HTML (except 'em' tags historically used in this context).