Changelog History
Page 4
-
v4.1.1 Changes
March 16, 2019๐ Bugfixes:
- ๐ fix: add "runtime.d.ts" to allow "require('handlebars/runtime')" in TypeScript - 5cedd62
๐จ Refactorings:
- replace "async" with "neo-async" - 048f2ce
- ๐ use "substring"-function instead of "substr" - 445ae12
Compatibility notes:
- ๐ This is a bugfix release. There are no breaking change and no new features.
-
v4.1.0 Changes
February 07, 2019๐ New Features
- import TypeScript typings - 27ac1ee
๐ Security fixes:
- disallow access to the constructor in templates to prevent RCE - 42841c4, #1495
Housekeeping
- ๐ chore: fix components/handlebars package.json and auto-update on release - bacd473
- ๐ chore: Use node 10 to build handlebars - 78dd89c
- ๐ chore/doc: Add more release docs - 6b87c21
Compatibility notes:
Access to class constructors (i.e.
({}).constructor
) is now prohibited to prevent Remote Code Execution. This means that following construct will no work anymore:class SomeClass { } SomeClass.staticProperty = 'static' var template = Handlebars.compile('{{constructor.staticProperty}}'); document.getElementById('output').innerHTML = template(new SomeClass()); // expected: 'static', but now this is empty.
This kind of access is not the intended use of Handlebars and leads to the vulnerability described in #1495. We will not increase the major version, because such use is not intended or documented, and because of the potential impact of the issue (we fear that most people won't use a new major version and the issue may not be resolved on many systems).
-
v4.0.14
April 13, 2019 -
v4.0.13 Changes
February 07, 20192019-02-02
-
v4.0.13-beta.0
February 02, 2019 -
v4.0.13-0
February 02, 2019 -
v4.0.12 Changes
September 04, 2018๐ New features:
- none
โก๏ธ Various dependency updates
- ๐ #1464 - Bump versions of grunt-plugins to 1.x
- โก๏ธ #1398 - Chore: updated various dev dependencies
- โฌ๏ธ upgrade uglify-js - d3d3942
- โก๏ธ Update grunt-eslint to 20.1.0 - 7729aa9
- โก๏ธ Update dependencies "async" to 2.5.0 and "source-map" to 0.6.1 (73d5637)
๐ Bugfixes:
- ๐ฆ components/handlebars.js#24 Add package.json to components shim
- โก๏ธ Updated
source-map
-package should work better withrollup
#1463
โ Removed obsolete code:
- unnecessary check - 0ddff8b
- ๐ Use
files
field - 69c6ca5 - โก๏ธ Update jsfiddle to 4.0.11 - 8947dd0
Compatibility notes:
- No compatibility issues are to be expected
-
v4.0.11 Changes
October 17, 2017- #1391 -
uglify-js
is unconditionally imported, but only listed as optional dependency (@Turbo87) - ๐ #1233 - Unable to build under windows - error at test:bin task (@blikblum)
- โก๏ธ Update (C) year in the LICENSE file - 21386b6
Compatibility notes:
- ๐ This is a bugfix release. There are no breaking change and no new features.
- #1391 -
-
v4.0.10 Changes
May 21, 2017- ๐ Fix regression in 4.0.9: Replace "Object.assign" (not support in IE) by "util/extend" - 0e953d1
-
v4.0.9 Changes
May 21, 2017- #1327 Handlebars.compile() does not modify "options" anymore
- ๐ pending #1331 Attempts to build Handlebars in a Windows environment
- Fix build in windows - cc554a5
- Ensure LF line-edings in handlebars-template fixtures (*.hbs) - ed879a6
- Run integration test with
node handlebars -a ...
on Windows - 2e21e2b - Ensure LF line-edings in lexer-files (*.l) - bdfdbea
- Force LF line-endings for spec/artifacts - b50ef03
- Use istanbul/lib/cli.js instead of node_modules/.bin/istanbul - 6e6269f
- TravisCI: Publish valid semver tags independently of the branch - 7378f85
Compatibility notes:
- No compatibility issues are expected.