Mercurial > p > roundup > code
annotate doc/sc.txt @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 2ab234484708 |
| children | 394f72021dad |
| rev | line source |
|---|---|
|
7787
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
1 .. meta:: |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
2 :description: |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
3 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
4 Original documentation of the Roundup Issue tracker. Includes |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
5 historic Software Carpentry submissions and a short paper. |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
6 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
7 =================================== |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
8 Software Carpentry and Short Papers |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
9 =================================== |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
10 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
11 These papers are the original artifacts of Roundup. They can't be |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
12 included easily in the table of contents for the documentation, so |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
13 they are referenced here. All of these were written by Ka-Ping Yee, |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
14 the original architect of Roundup.. |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
15 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
16 A few of the pages have been updated to correct links. However you may |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
17 still have to use the `wayback machine <https://wayback.archive.org>`_ |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
18 to access some of the links on these pages. The papers in |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
19 chronological order are: |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
20 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
21 * `See a short paper explaining Roundup <roundup_short_paper.html>`_ |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
22 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
23 * `See the original overview document for Roundup submitted to the |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
24 Software Carpentry competition <original_overview.html>`_ |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
25 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
26 * `See the original specification document for Roundup submitted to the |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
27 Software Carpentry competition <spec.html>`_ |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
28 |
|
2ab234484708
docs: add older docs and link them from a Sphinx controlled doc
John Rouillard <rouilj@ieee.org>
parents:
diff
changeset
|
29 |