Posted to commits@jspwiki.apache.org by br...@apache.org on 2022/11/24 09:25:14 UTC
[jspwiki] 08/08: XSS vulnerability reported by Eugene Lim and Sng Jay Kai.
This is an automated email from the ASF dual-hosted git repository.
brushed pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 2ce696aebb0de8a377c8d0a9f92be02f1322f6f7
Author: brushed <di...@gmail.com>
AuthorDate: Thu Nov 24 10:24:56 2022 +0100
XSS vulnerability reported by Eugene Lim and Sng Jay Kai.
---
ChangeLog.md | 8 ++++++++
jspwiki-api/src/main/java/org/apache/wiki/api/Release.java | 2 +-
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/ChangeLog.md b/ChangeLog.md
index 6fe9da630..1030671f9 100644
--- a/ChangeLog.md
+++ b/ChangeLog.md
@@ -17,6 +17,14 @@ specific language governing permissions and limitations
under the License.
-->
+**2022-11-24 Dirk Frederickx (brushed AT apache DOT org)**
+
+* _2.12.0-git-02_
+
+* Fixing a number of XSS vulnerabilities reported by Eugene Lim and Sng Jay Kai.
+ (sanitizing various plugin parameters)
+
+
**2022-10-19 Juan Pablo Santos (juanpablo AT apache DOT org)**
* _2.12.0-git-01_
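Review bot: the added entry under `_2.12.0-git-02_` says only "a number of XSS vulnerabilities" and "sanitizing various plugin parameters", so a reader cannot tell which plugins or parameters were affected or whether their own pages used them. Please name the plugins that were changed and add the tracking issue or advisory reference if one exists, so that anyone auditing an upgrade can match this entry to the code changes in the rest of the series.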
diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
index 939753158..16fea414c 100644
--- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
+++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java
@@ -69,7 +69,7 @@ public final class Release {
* <p>
* If the build identifier is empty, it is not added.
*/
- public static final String BUILD = "01";
+ public static final String BUILD = "02";
/**
* This is the generic version string you should use when printing out the version. It is of
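Review bot: the `BUILD` change from "01" to "02" and the ChangeLog entry are the only changes in this commit (2 files, 9 insertions, 1 deletion), yet the subject line reads as if it were the XSS fix itself. A subject that says this commit records the changelog entry and build bump for the fix would make it easier to find the commits that actually touched plugin code when tracing the change later. The new value does agree with the `_2.12.0-git-02_` heading added to ChangeLog.md.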