### Impact
XSS attack – anyone using the Express API is impacted

### Patches
The problem has been resolved. Users should upgrade to version 2.0.0.

### Workarounds
Don’t pass user supplied data directly to `res.renderFile`.

### References
_Are there any links users can visit to find out more?_
See https://github.com/eta-dev/eta/releases/tag/v2.0.0Read More