Posted to dev@allura.apache.org by Tim Van Steenburgh <tv...@gmail.com> on 2013/07/17 16:04:26 UTC

Allura XSS Vulnerability Patched

Hey all, 

Please be aware that an XSS vulnerability in Allura was reported, and subsequently fixed, yesterday. See https://sourceforge.net/p/allura/tickets/6469/ for more info.

We strongly advise Allura deployments to either:

1. Upgrade Allura to the latest master commit (099c5659d3a17ef84da5ca088ea1cebc7de37001)
2. Upgrade EasyWidgets requirement to version `EasyWidgets==0.2dev-20130716`

EasyWidgets is the library in which the vulnerability was discovered and patched.

-- 
Tim Van Steenburgh