You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2017/02/13 23:01:10 UTC

[security] Allura XSS fix

All maintainers of Allura servers should update to the latest 'master' from git,
or simply upgrade the Pypeline package to 0.4.

This fixes an XSS vulnerability when rendering .rst (restructured text) files in
code repos.


-- 
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
              <><