RUSTSEC-2021-0026 XSS in `comrak`
The comrak crate was matching unsafe URL prefixes, such as `data:` or `javascript:`, in a case-sensitive manner. This meant prefixes like `Data:` were untouched...
jenkins: Missing permission check for paths with specific prefix
Jenkins 2.274 and earlier, LTS 2.263.1 and earlier do not correctly match requested URLs to the list of always accessible paths, allowing attackers without Overall/Read permission to access some URLs as if they did have Overall/Read permission...