Due to a recently discovered SWF vulnerability, we are releasing YUI 3.10.1. Any project which is self-hosting YUI 3
.swf files should read the security bulletin and take action to resolve potential vulnerabilities on your servers.
YUI 3.10.1 is identical to 3.10.0, with the vulnerable
.swf files replaced with patched files. YUI 3.10.1 also reflects fixes in our build system that prevented some files from being included in the release. No other code changes have been included with this release.
Special thanks to Aleksandr Dobkin and Sebastian Roschke of the Google Security Team for reporting the issue.
In accordance with our Deprecation Policy, we are taking this opportunity to announce the deprecation of Simple YUI, and our intention to deprecate all
.swf-related features in a future release. Stay tuned to the Contributor Mailing List for ongoing discussion on these topics.
Comments are closed.