While most of our attention recently has gone into the new modern Dojo framework releases, we are still maintaining and updating versions of Dojo 1.x as we receive pull requests and updates.
Today we are pleased to announce version 1.14 of the Dojo Toolkit, as well as backported releases 1.13.1, 1.12.4, 1.11.6, and 1.10.10. Note that we will no longer be shipping updated releases prior to 1.10, though you may of course still build your own version from source. Patches are still backported, but the time to push a release for each version is non-trivial.
As these releases are smaller in nature, it is fairly easy to look at the commit history to see what has changed. For example, the Dojo package commit history has details about the Dojo package.
We did receive two small security related reports. These issues are unlikely to impact most of our users in production, but are worth reviewing:
- Unescaped string injection in dojox/Grid/DataGrid (CVE-2018-15494), as reported by Moritz Bechler of SySS GmbH
- DOM Based XSS and JavaScript Injection in DOH reported by B@nSH33!!
Updated releases on the Google CDN are forthcoming.
Thanks for your help in making this release possible. Please let us know if you have any issues. Note that all bug reports should now be filed on GitHub.
Thanks for still maintaining !