PHPOffice · MarkBaker · Nov 19, 2020 · Nov 18, 2020 · Nov 18, 2020 · Nov 18, 2020
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -28,6 +28,10 @@ and this project adheres to [Semantic Versioning](https://semver.org).
 - Ensure that the list of shared formulae is maintained when an xlsx file is chunked with readFilter[Issue #169](https://github.com/PHPOffice/PhpSpreadsheet/issues/1669).
 - Fix for notice during accessing "cached magnification factor" offset [#1354](https://github.com/PHPOffice/PhpSpreadsheet/pull/1354)
 
+### Security Fix (CVE-2020-7776)
+
+- Prevent XSS through cell comments in the HTML Writer. 
+
 ## 1.15.0 - 2020-10-11
 
 ### Added

diff --git a/composer.json b/composer.json
@@ -39,7 +39,7 @@
         ]
     },
     "require": {
-        "php": "^7.2|^8.0",
+        "php": "^7.2||^8.0",
         "ext-ctype": "*",
         "ext-dom": "*",
         "ext-gd": "*",
@@ -54,19 +54,20 @@
         "ext-zip": "*",
         "ext-zlib": "*",
         "maennchen/zipstream-php": "^2.1",
-        "markbaker/complex": "^1.5|^2.0",
-        "markbaker/matrix": "^1.2|^2.0",
+        "markbaker/complex": "^1.5||^2.0",
+        "markbaker/matrix": "^1.2||^2.0",
         "psr/simple-cache": "^1.0",
         "psr/http-client": "^1.0",
-        "psr/http-factory": "^1.0"
+        "psr/http-factory": "^1.0",
+        "voku/anti-xss": "^4.1"
     },
     "require-dev": {
         "dompdf/dompdf": "^0.8.5",
         "friendsofphp/php-cs-fixer": "^2.16",
         "jpgraph/jpgraph": "^4.0",
         "mpdf/mpdf": "^8.0",
         "phpcompatibility/php-compatibility": "^9.3",
-        "phpunit/phpunit": "^8.5|^9.3",
+        "phpunit/phpunit": "^8.5||^9.3",
         "squizlabs/php_codesniffer": "^3.5",
         "tecnickcom/tcpdf": "^6.3"
     },