claudeenmodel: claude-haiku-4-5
Hono v4.12.14 - Security Fixes and AWS Lambda Improvements
Key Points
- JSX attribute name validation in SSR
- AWS Lambda header name handling fix
- HTML injection vulnerability prevention
Summary
Hono v4.12.14 is a security-focused release addressing critical vulnerabilities in JSX attribute handling and AWS Lambda integration.
Key Points
- JSX SSR Security Fix: Resolved improper handling of JSX attribute names in
hono/jsxserver-side rendering that could allow malformed attribute keys to corrupt HTML output and inject unintended attributes or elements (GHSA-458j-xx4x-4375) - AWS Lambda Enhancement: Fixed invalid header name handling in AWS Lambda request processing
- Validation Improvement: Added missing validation of JSX attribute names during server-side rendering to prevent HTML injection vulnerabilities