Mercurial > p > roundup > code

diff doc/acknowledgements.txt @ 8062:28aa76443f58

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125 Directions for fixing: * `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing tracker homes. * `CVE-2024-39125`_ - :ref:`if Referer header is set to a script tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0, directions available for fixing in prior versions. * `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from an issue can contain embedded JavaScript which is executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions available for fixing in prior versions. prior to 2.4.0 release this weekend that fixes the last two CVE's.
author John Rouillard <rouilj@ieee.org>
date Tue, 09 Jul 2024 09:07:09 -0400
parents 63155529cfe3
children 4f07d7835019
line wrap: on
line diff
--- a/doc/acknowledgements.txt	Mon Jul 08 13:04:05 2024 -0400
+++ b/doc/acknowledgements.txt	Tue Jul 09 09:07:09 2024 -0400
@@ -40,6 +40,8 @@
 Bharath Kanama, Nikunj Thakkar, Patel Malav - classhelper web
 component development.
 
+Alec Romano (4rdr) - identified multiple security issues
+
 2.3
 ---
Roundup Issue Tracker: http://roundup-tracker.org/