http://hg.code.sf.net:8000/p/roundup/code/atom-log/tip/website/issues/html/_generic.help-submit.html Mercurial Repository: p/roundup/code: website/issues/html/_generic.help-submit.html history 2024-07-09T09:07:09-04:00 fix(security): fix CVE-2024-39124, CVE-2024-39125, and CVE-2024-39126 http://hg.code.sf.net:8000/p/roundup/code/#changeset-28aa76443f58bc1605a9933bb4ea4d599c97af5a John Rouillard rouilj@ieee.org 2024-07-09T09:07:09-04:00 2024-07-09T09:07:09-04:00
changeset 28aa76443f58
user John Rouillard <rouilj@ieee.org>
description fix(security): fix CVE-2024-39124, CVE-2024-39125, and CVE-2024-39126

Directions for fixing:

* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.

prior to 2.4.0 release this weekend that fixes the last two CVEs.
Add client_nonce to all scripts http://hg.code.sf.net:8000/p/roundup/code/#changeset-7146b68ac2638c1a03eb08051e6142421078a2bd John Rouillard rouilj@ieee.org 2020-07-02T20:05:02-04:00 2020-07-02T20:05:02-04:00
changeset 7146b68ac263
user John Rouillard <rouilj@ieee.org>
description Add client_nonce to all scripts

Add:

tal:attributes="nonce request/client/client_nonce"

to script tags.
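What the per-request nonce buys, as an added example that is not Roundup's code: a browser enforcing a nonce-based Content-Security-Policy runs only the script tags that carry the nonce from the same response, so a script injected through unescaped data (the XSS class the adjacent commit describes) has no nonce and is refused. The template string, the function names and the constructed payload below are assumptions made for the illustration; the `{nonce}` placeholder stands in for `tal:attributes="nonce request/client/client_nonce"`.

```python
import html
import re
import secrets

# Constructed template standing in for a tracker page template (assumption):
# {nonce} plays the role of tal:attributes="nonce request/client/client_nonce".
TEMPLATE = """<html><head>
<script src="/@@file/help_controls.js" nonce="{nonce}"></script>
</head><body>
{body}
</body></html>"""


def make_nonce() -> str:
    """Fresh, unguessable nonce for one response (128 bits, base64url)."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Content-Security-Policy value that runs only scripts bearing this nonce."""
    return f"script-src 'nonce-{nonce}'; object-src 'none'"


def render_page(nonce: str, untrusted_body: str, escape_body: bool = True) -> str:
    """Render the template with a per-response nonce.

    escape_body=False models a template that forgets to escape user data,
    i.e. the reflected/stored XSS case the nonce is meant to contain.
    """
    body = html.escape(untrusted_body) if escape_body else untrusted_body
    return TEMPLATE.format(nonce=nonce, body=body)


SCRIPT_TAG = re.compile(r"<script\b([^>]*)>", re.IGNORECASE)
NONCE_ATTR = re.compile(r'\bnonce="([^"]*)"')


def scripts_blocked_by_csp(page: str, nonce: str) -> list[str]:
    """Return the <script ...> opening tags a nonce-based CSP would refuse to run:
    tags with no nonce attribute, or a nonce different from this response's."""
    blocked = []
    for m in SCRIPT_TAG.finditer(page):
        found = NONCE_ATTR.search(m.group(1))
        if found is None or found.group(1) != nonce:
            blocked.append(m.group(0))
    return blocked


if __name__ == "__main__":
    nonce = make_nonce()
    injected = "<script>alert(document.cookie)</script>"  # constructed payload
    page = render_page(nonce, injected, escape_body=False)
    print("Content-Security-Policy:", csp_header(nonce))
    # Only the injected tag is listed; the nonced help_controls.js tag still runs.
    print(scripts_blocked_by_csp(page, nonce))
```

Two properties matter for this to hold: the nonce is generated fresh for every response (reusing one across responses lets an attacker who has seen a page echo it back), and the same value appears in both the header and the template, which is exactly what binding the attribute to `request/client/client_nonce` achieves.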
Replace X.has_key('y') with x in y http://hg.code.sf.net:8000/p/roundup/code/#changeset-53e9694788f553b6518fc52afb36ffbb0e486b7a John Rouillard rouilj@ieee.org 2020-03-03T20:58:16-05:00 2020-03-03T20:58:16-05:00
changeset 53e9694788f5
user John Rouillard <rouilj@ieee.org>
description Replace X.has_key('y') with x in y

Make it python3 compatible.
Upgrade help_controls/help-submit to classic tracker. Trigger change http://hg.code.sf.net:8000/p/roundup/code/#changeset-53634483543242b7cb595a1d6c475b3013cb870b John Rouillard rouilj@ieee.org 2017-09-24T19:20:56-04:00 2017-09-24T19:20:56-04:00
changeset 536344835432
user John Rouillard <rouilj@ieee.org>
description Upgrade help_controls/help-submit to classic tracker. Trigger change
events on the field we are changing.
[website] svn repository setup http://hg.code.sf.net:8000/p/roundup/code/#changeset-c2d0d3e9099db60e3178bfd953f6443bb3ba9f9e Stefan Seefeld stefan@users.sourceforge.net 2009-02-06T13:16:31+00:00 2009-02-06T13:16:31+00:00
changeset c2d0d3e9099d
branch website
user Stefan Seefeld <stefan@users.sourceforge.net>
description svn repository setup