loofah v2.19.1 has been released. This a security update which addresses multiple CVEs, and users are recommended to upgrade immediately. The release notes <https://github.com/flavorjones/loofah/releases/tag/v2.19.1> are reproduced below, for more information please read the linked GHSAs. --- 2.19.1 / 2022-12-13Security - Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh <https://github.com/flavorjones/loofah/security/advisories/GHSA-486f-hjj9-9vhh> for more information. - Address CVE-2022-23515, improper neutralization of data URIs. See GHSA-228g-948r-83gx <https://github.com/flavorjones/loofah/security/advisories/GHSA-228g-948r-83gx> for more information. - Address CVE-2022-23516, uncontrolled recursion. See GHSA-3x8r-x6xp-q4vm <https://github.com/flavorjones/loofah/security/advisories/GHSA-3x8r-x6xp-q4vm> for more information.