view website/www/docs.txt @ 8062:28aa76443f58
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
Directions for fixing:
* `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are
vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing
tracker homes.
* `CVE-2024-39125`_ - :ref:`if Referer header is set to a script
tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0,
directions available for fixing in prior versions.
* `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from
an issue can contain embedded JavaScript which is
executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions
available for fixing in prior versions.
prior to 2.4.0 release this weekend that fixes the last two CVE's.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 09 Jul 2024 09:07:09 -0400 |
| parents | e3b34d02c61a |
| children | 78b13272d41b |
.. meta::
    :description: Table of contents for published documentation on the Roundup Issue Tracker.

Docs
====

.. admonition:: Welcome

   The documentation is slowly being reorganized using the `Diataxis
   framework`_. Help with the reorganization is welcome.

   If a page you used to see is missing, try checking the `Other Docs
   <olderdocs.html>`_ page.

   See: https://wiki.roundup-tracker.org/ReleaseErrata for fixes to
   documentation.

.. _diataxis framework: https://diataxis.fr/

.. toctree::
   :maxdepth: 2

   Features <docs/features>
   Installation <docs/installation>
   Upgrading to Newer Versions <docs/upgrading>
   Security Issues <docs/security>
   FAQ <docs/FAQ>
   User's Guide <docs/user_guide>
   Customising <docs/customizing>
   Rest API <docs/rest>
   XML-RPC API <docs/xmlrpc>
   Reference <docs/reference>
   Glossary <docs/glossary>
   docs/admin_guide
   docs/man_pages
   docs/license
   docs/acknowledgements
   olderdocs
