You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@allura.apache.org by Tim Van Steenburgh <tv...@gmail.com> on 2013/07/17 16:04:26 UTC
Allura XSS Vulnerability Patched
Hey all,
Please be aware that an XSS vulnerability in Allura was reported, and subsequently fixed, yesterday. See https://sourceforge.net/p/allura/tickets/6469/ for more info.
We strongly advise Allura deployments to either:
1. Upgrade Allura to the lastest master commit (099c5659d3a17ef84da5ca088ea1cebc7de37001)
2. Upgrade EasyWidgets requirement to version `EasyWidgets==0.2dev-20130716`
EasyWidgets is the library in which the vulnerability was discovered and patched.
--
Tim Van Steenburgh