React v16.4.2 已发布,本次更新主要是对 React DOM 服务器进行 bug 修复:
- Fix a potential XSS vulnerability when the attacker controls an attribute name (
CVE-2018-6341
). This fix is available in the latestreact-dom@16.4.2
, as well as in previous affected minor versions:react-dom@16.0.1
,react-dom@16.1.2
,react-dom@16.2.1
, andreact-dom@16.3.3
. (@gaearon in #13302) - Fix a crash in the server renderer when an attribute is called
hasOwnProperty
. This fix is only available inreact-dom@16.4.2
. (@gaearon in #13303)
可以看到,主要是修复了潜在的 XSS 安全漏洞问题,以及服务器在渲染时出现的崩溃问题。
源码下载 https://github.com/facebook/react/releases/tag/v16.4.2
转自 https://www.oschina.net/news/98575/react-16-4-2-released