Posted to dev@allura.apache.org by Dave Brondsema <da...@brondsema.net> on 2014/07/07 23:33:41 UTC

[security] allura xss fix

An XSS fix has been fixed on Allura in the 'master' git branch.  It is advisable
for anyone running Allura to update to the latest.  Details at
https://sourceforge.net/p/allura/tickets/7528/

The fix included moving from the old feedparser library to the newer maintained
html5lib, for our HTML sanitization.  This does have some minor differences in
terms of HTML output, but none that I've found to be significant.

-- 
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
              <><