http://hg.code.sf.net:8000/p/roundup/code/atom-log/tip/website/issues/html/_generic.calendar.html
Mercurial Repository: p/roundup/code: website/issues/html/_generic.calendar.html history
2024-07-09T09:07:09-04:00
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125 http://hg.code.sf.net:8000/p/roundup/code/#changeset-28aa76443f58bc1605a9933bb4ea4d599c97af5a John Rouillard rouilj@ieee.org 2024-07-09T09:07:09-04:00 2024-07-09T09:07:09-04:00
changeset 28aa76443f58
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125

Directions for fixing:

* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.

prior to 2.4.0 release this weekend that fixes the last two CVE's.
files
Add client_nonce to all scripts http://hg.code.sf.net:8000/p/roundup/code/#changeset-7146b68ac2638c1a03eb08051e6142421078a2bd John Rouillard rouilj@ieee.org 2020-07-02T20:05:02-04:00 2020-07-02T20:05:02-04:00
changeset 7146b68ac263
branch
bookmark
tag
user John Rouillard <rouilj@ieee.org>
description Add client_nonce to all scripts

Add:

tal:attributes="nonce request/client/client_nonce"

to script tags.
files
#2550765: add noindex,nofollow to the calendar pages. http://hg.code.sf.net:8000/p/roundup/code/#changeset-a099ff2ceff35ca48cea3dd840ce7ce01e2668be Ezio Melotti ezio.melotti@gmail.com 2012-09-21T17:39:11+03:00 2012-09-21T17:39:11+03:00
changeset a099ff2ceff3
branch
bookmark
tag
user Ezio Melotti <ezio.melotti@gmail.com>
description #2550765: add noindex,nofollow to the calendar pages.
files
[website] svn repository setup http://hg.code.sf.net:8000/p/roundup/code/#changeset-c2d0d3e9099db60e3178bfd953f6443bb3ba9f9e Stefan Seefeld stefan@users.sourceforge.net 2009-02-06T13:16:31+00:00 2009-02-06T13:16:31+00:00
changeset c2d0d3e9099d
branch website
bookmark
tag
user Stefan Seefeld <stefan@users.sourceforge.net>
description svn repository setup
files