This server release fixes a medium-severity DOMPurify vulnerability (GHSA-cmwh-pvxp-8882) by upgrading the library to 3.4.11. The affected version could allow permanent ALLOWED_ATTR pollution via setConfig() bypassing the hook clone-guard. The server image is rebuilt with the patched dependency, so you do not need to change your generated projects or workflows.
Hive
Server 1.215.2
Published
Jun 19, 2026 · 06:57 UTC
Repository
tuist/tuist