Mercurial > p > roundup > code
view doc/sc.txt @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | 2ab234484708 |
| children | 394f72021dad |
line wrap: on
line source
.. meta:: :description: Original documentation of the Roundup Issue tracker. Includes historic Software Carpentry submissions and a short paper. =================================== Software Carpentry and Short Papers =================================== These papers are the original artifacts of Roundup. They can't be included easily in the table of contents for the documentation, so they are referenced here. All of these were written by Ka-Ping Yee, the original architect of Roundup.. A few of the pages have been updated to correct links. However you may still have to use the `wayback machine <https://wayback.archive.org>`_ to access some of the links on these pages. The papers in chronological order are: * `See a short paper explaining Roundup <roundup_short_paper.html>`_ * `See the original overview document for Roundup submitted to the Software Carpentry competition <original_overview.html>`_ * `See the original specification document for Roundup submitted to the Software Carpentry competition <spec.html>`_