**Version 3.3.8** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method
Comment
Security update for CVE-2022-23303, CVE-2022-23304 Update to version 2.10, which upstream maintainer advises for these CVEs.
**Version 3.3.8** (2022-02-04) * Fix a security issue when in a sandbox: the `sort` filter must require a Closure for the `arrow` parameter * Fix deprecation notice on `round` * Fix call to deprecated `convertToHtml` method
Several vulnerabilities have been discovered in Expat, an XML parsing C library, which could result in denial of service or potentially the execution of arbitrary code, if a malformed XML file is processed.
Update to 2.4.4, fixes CVE-2022-23990.