sassphp-0.2.1
sassphp now tracks libsass v3.2.2. This is the first release that is somewhat recommended for public use. Compared to earlier commits that had no named version associated with them, this release fixes two important potential security issues:
- In previous states, it was possible to overflow an internal buffer by telling sassphp to compile a non-existing file with a long name. Unless you have let sassphp compile user-supplied paths, this won't affect you.
- Due to libsass unexpectedly freeing a buffer passed to it, a buffer was freed twice when compiling a SASS string using sassphp. This is a classic double-free issue for which currently no known exploit exists.
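
The two defensive patterns that address these bug classes, as an added C example that is not sassphp's or libsass's own code: a bounded write for a path-bearing message, and an explicit ownership hand-off to a library that frees its input. The names `format_missing_file`, `lib_compile_string`, `compile_string` and the `MSG_CAP` size are assumptions made for illustration; the release note does not show the original code.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MSG_CAP 256 /* assumed size; the release note gives no buffer size */

/* Issue 1: a caller-controlled path ends up in a fixed-size buffer.
 * snprintf() writes at most cap bytes including the NUL, so a long
 * path is truncated instead of running past the end of msg.
 * Returns 0 if the message fit, 1 if it was truncated, -1 on error. */
int format_missing_file(char *msg, size_t cap, const char *path)
{
    int n = snprintf(msg, cap, "file not found: %s", path);
    if (n < 0)
        return -1;
    return (size_t)n >= cap ? 1 : 0;
}

/* Hypothetical stand-in for a library call that takes ownership of
 * its input and frees it, the behaviour the note describes. */
static int frees_by_library = 0;

size_t lib_compile_string(char *source)
{
    size_t len = strlen(source);
    free(source);
    frees_by_library++;
    return len;
}

/* Issue 2: hand the library a private heap copy and never touch that
 * pointer again; the caller's own buffer stays valid and is freed
 * exactly once, by the caller. */
int compile_string(const char *caller_buf, size_t *out_len)
{
    size_t n = strlen(caller_buf) + 1;
    char *copy = malloc(n);
    if (copy == NULL)
        return -1;
    memcpy(copy, caller_buf, n);
    *out_len = lib_compile_string(copy); /* ownership moves here */
    /* no free(copy): a second free at this point is the double free */
    return 0;
}
```

Building with AddressSanitizer (`-fsanitize=address`) reports both an out-of-bounds write and a second `free()` at the point they happen, which makes regressions of either kind visible in tests.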