Because developers trust Ember.js to handle sensitive customer data in
production, we take the security of the project seriously. The Ember
project maintains a clearly outlined security policy and a
low-traffic mailing list exclusively for security
announcements.
Security Releases: Ember.js 1.11.4, 1.12.2, 1.13.12, 2.0.3, 2.1.2, 2.2.1
Today we are announcing the release of Ember.js 1.11.4, 1.12.2, 1.13.12,
2.0.3, 2.1.2 and 2.2.1, which contain an important security fix.
- 1.11.4 -- Compare View
- 1.12.2 -- Compare View
- 1.13.12 -- Compare View
- 2.0.3 -- Compare View
- 2.1.2 -- Compare View
- 2.2.1 -- Compare View
- Additionally, the stable, beta and
masterbranches have been patched.
These releases contain a fix for an XSS vulnerability that you can learn
more about on our security mailing list:
It is recommended that you update immediately. In order to ease
upgrading, the only change in each release is the security fix.
We would like to thank Roman Shafigullin at LinkedIn for reporting the
issue, as well as core team member Robert Jackson at Twitch for patching
the vulnerability and doing the release engineering.
If you discover what you believe may be a security issue in Ember.js, we
ask that you follow our responsible disclosure
policy.
If you are using Ember.js in production, please consider subscribing to
our security announcements mailing
list. It is
extremely low-traffic and only contains announcements such as these.
Additional Reading