v2.0.3

README.md

@@ -18,7 +18,7 @@ mithril.js [![npm Version](https://img.shields.io/npm/v/mithril.svg)](https://ww
 
 ## What is Mithril?
 
-A modern client-side Javascript framework for building Single Page Applications. It's small (<!-- size -->9.77 KB<!-- /size --> gzipped), fast and provides routing and XHR utilities out of the box.
+A modern client-side Javascript framework for building Single Page Applications. It's small (<!-- size -->9.78 KB<!-- /size --> gzipped), fast and provides routing and XHR utilities out of the box.
 
 Mithril is used by companies like Vimeo and Nike, and open source platforms like Lichess 👍.
 

docs/change-log.md

@@ -1,5 +1,6 @@
 # Change log
 
+- [v2.0.3](#v203)
 - [v2.0.1](#v201)
 - [v2.0.0](#v200)
 - [Migrating from v1.x](migration-v1x.md)
@@ -18,11 +19,13 @@
 
 -->
 
-### v2.0.2
+### v2.0.3
 
 - Ensure vnodes are removed correctly in the face of `onbeforeremove` resolving after new nodes are added ([#2492](https://github.com/MithrilJS/mithril.js/pull/2492) [@isiahmeadows](https://github.com/isiahmeadows))
 - Fix prototype pollution vulnerability in `m.parseQueryString` ([#2494](https://github.com/MithrilJS/mithril.js/pull/2494) [@isiahmeadows](https://github.com/isiahmeadows))
 
+*v2.0.2 was skipped as it had a critical flaw and was immediately unpublished.*
+
 ### v2.0.1
 
 Same as v2.0.0, but with a publish that didn't have a botched upload.

mithril.js

@@ -1510,7 +1510,6 @@ var parseQueryString = function(string) {
 		for (var j0 = 0; j0 < levels.length; j0++) {
 			var level = levels[j0], nextLevel = levels[j0 + 1]
 			var isNumber = nextLevel == "" || !isNaN(parseInt(nextLevel, 10))
-			var isValue = j0 === levels.length - 1
 			if (level === "") {
 				var key5 = levels.slice(0, j0).join()
 				if (counters[key5] == null) {
@@ -1520,15 +1519,15 @@ var parseQueryString = function(string) {
 			}
 			// Disallow direct prototype pollution
 			else if (level === "__proto__") break
-			if (isValue) cursor[level] = value2
+			if (j0 === levels.length - 1) cursor[level] = value2
 			else {
 				// Read own properties exclusively to disallow indirect
 				// prototype pollution
-				value2 = Object.getOwnPropertyDescriptor(cursor, level)
-				if (value2 != null) value2 = value2.value
-				if (value2 == null) value2 = cursor[level] = isNumber ? [] : {}
+				var desc = Object.getOwnPropertyDescriptor(cursor, level)
+				if (desc != null) desc = desc.value
+				if (desc == null) cursor[level] = desc = isNumber ? [] : {}
+				cursor = desc
 			}
-			cursor = value2
 		}
 	}
 	return data0

package.json

@@ -1,6 +1,6 @@
 {
   "name": "mithril",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "description": "A framework for building brilliant applications",
   "author": "Leo Horie",
   "license": "MIT",