comparison doc/upgrading.txt @ 8064:d6b447de4f59
docs: set up for release documentation.
Make changes to publish security.html with CVE announcements referring
to the sections in upgrading.html rather than CVE.html.
Remove templates.zip as part of html build in Makefile.
Also update doc for using CVE.html.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:34:13 -0400 |
| parents | 28aa76443f58 |
| children | a4cb4e75d4e9 |
| 8063:6d4b5005abf2 | 8064:d6b447de4f59 |
|---|---|
| 120 This will insert the bad API login rate limiting settings. | 120 This will insert the bad API login rate limiting settings. |
| 121 | 121 |
| 122 Also if you have ``html_version`` set to ``xhtml``, you will get | 122 Also if you have ``html_version`` set to ``xhtml``, you will get |
| 123 an error. | 123 an error. |
| 124 | 124 |
| 125 .. comment: _CVE-2024-39124: | 125 .. _CVE-2024-39124: |
| 126 | 126 |
| 127 Fix for CVE-2024-39124 in help/calendar popups (recommended) | 127 Fix for CVE-2024-39124 in help/calendar popups (recommended) |
| 128 ------------------------------------------------------------ | 128 ------------------------------------------------------------ |
| 129 | 129 |
| 130 Classhelper components accessed via URL using ``@template=help``, | 130 Classhelper components accessed via URL using ``@template=help``, |
| 312 section. These fixes are already present in 2.4.0. | 312 section. These fixes are already present in 2.4.0. |
| 313 | 313 |
| 314 This section is for people who can not upgrade yet, and want | 314 This section is for people who can not upgrade yet, and want |
| 315 to fix the issues. | 315 to fix the issues. |
| 316 | 316 |
| 317 .. comment: _CVE-2024-39125: | 317 .. _CVE-2024-39125: |
| 318 | 318 |
| 319 Referer value not escaped CVE-2024-39125 | 319 Referer value not escaped CVE-2024-39125 |
| 320 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 320 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 321 | 321 |
| 322 Malicious JavaScript inserted into a page can change the value of | 322 Malicious JavaScript inserted into a page can change the value of |
| 340 self.add_error_message(' '.join(msg.args)) | 340 self.add_error_message(' '.join(msg.args)) |
| 341 | 341 |
| 342 This escapes the Referer value an prevents it from being | 342 This escapes the Referer value an prevents it from being |
| 343 executed. | 343 executed. |
| 344 | 344 |
| 345 .. comment: _CVE-2024-39126: | 345 .. _CVE-2024-39126: |
| 346 | 346 |
| 347 Stop JavaScript execution from attached files CVE-2024-39126 | 347 Stop JavaScript execution from attached files CVE-2024-39126 |
| 348 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | 348 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
| 349 | 349 |
| 350 If an SVG, XML or PDF file that includes malicious JavaScript is | 350 If an SVG, XML or PDF file that includes malicious JavaScript is |
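Review bot: The targets enabled at lines 125, 317 and 345 are written with upper-case `CVE`, but docutils lower-cases a target name when it generates the HTML id, so the anchors in upgrading.html come out in the form `#cve-2024-39124`. Since the commit message says security.html will refer to these sections, check that its links use the generated lower-case ids, otherwise each CVE announcement lands at the top of upgrading.html instead of on the fix instructions.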
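Review bot: Line 342, unchanged context just above the new `_CVE-2024-39126` target, reads "This escapes the Referer value an prevents it from being executed." These sections are about to be linked from the CVE announcements, so fix "an" to "and" in the same change.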
