view doc/index.txt @ 8062:28aa76443f58

fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125

Directions for fixing:

* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0, directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from an issue can contain embedded JavaScript which is executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions available for fixing in prior versions.

prior to 2.4.0 release this weekend that fixes the last two CVE's.
author John Rouillard <rouilj@ieee.org>
date Tue, 09 Jul 2024 09:07:09 -0400
parents e3b34d02c61a
children 3f43db05aa11

.. meta::
    :description:
        Table of contents for documentation on the Roundup Issue Tracker.

=======================================================
Roundup: an Issue-Tracking System for Knowledge Workers
=======================================================

To contact the community, see https://www.roundup-tracker.org .

Contents
========

.. toctree::
   :maxdepth: 2

   features

   installation
   upgrading
   security
   FAQ

   user_guide

   customising <customizing.txt>
   rest
   xmlrpc
   reference
   glossary

   admin_guide
   man pages <man_pages>
   license
   acknowledgements

   upgrading-history

   tracker_templates

   Design Overview <overview>
   Design (original) <design>
   Software Carpentry and Papers <sc>

   developers

   Notes about the MySQL Database backend <mysql>
   Notes about the PostgreSQL Database backend <postgresql>

   Richard Jones implementation notes <implementation>
   security-history

See: https://wiki.roundup-tracker.org/ReleaseErrata for fixes to
documentation.

Indices
=======
 
* :ref:`genindex`

Roundup Issue Tracker: http://roundup-tracker.org/