Mercurial > p > roundup > code

view website/www/olderdocs.txt @ 8062:28aa76443f58

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125 Directions for fixing: * `CVE-2024-39124`_ - :ref:`classhelpers (_generic.help.html) are vulnerable to an XSS attack. <CVE-2024-39124>` Requires fixing tracker homes. * `CVE-2024-39125`_ - :ref:`if Referer header is set to a script tag, it will be executed. <CVE-2024-39125>` Fixed in release 2.4.0, directions available for fixing in prior versions. * `CVE-2024-39126`_ - :ref:`PDF, XML and SVG files downloaded from an issue can contain embedded JavaScript which is executed. <CVE-2024-39126>` Fixed in release 2.4.0, directions available for fixing in prior versions. prior to 2.4.0 release this weekend that fixes the last two CVE's.
author John Rouillard <rouilj@ieee.org>
date Tue, 09 Jul 2024 09:07:09 -0400
parents 2ab234484708
children
line wrap: on
line source

Other Docs
==========

.. toctree::
   :maxdepth: 2

   docs/upgrading-history

   docs/tracker_templates

   Design Overview <docs/overview>
   Design (original) <docs/design>

   Software Carpentry and Short Papers <docs/sc>

   docs/developers

   Notes about the MySQL Database backend <docs/mysql>
   Notes about the PostgreSQL Database backend <docs/postgresql>

   Richard Jones implementation notes <docs/implementation>
   docs/security-history
Roundup Issue Tracker: http://roundup-tracker.org/