fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125 Directions for fixing: * `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing tracker homes. * `CVE-2024-39125`_ - :ref:`if Referer header is set to a script tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0, directions available for fixing in prior versions. * `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from an issue can contain embedded JavaScript which is executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions available for fixing in prior versions. prior to 2.4.0 release this weekend that fixes the last two CVE's.

<!--
 This is the default body that is displayed when people visit the
 tracker. The tag below lists the currently open issues. You may
 replace it with a greeting message, or a different list of issues or
 whatever. It's a good idea to have the issues on the front page though
-->
<span tal:replace="structure python:db.issue.renderWith('index',
    sort=[('-', 'activity')], filter=['status'],
    columns=['activity','title','creator'],
    filterspec={'status':['1','2','4']})" />