Mercurial > p > roundup > code
view detectors/README.txt @ 8365:4ac0bbb3e440
bug(security): CVE-2025-53865 - XSS bug
Extensive fixes in devel, responsive templates known to be
exploitable.
Similar constructs in classic and minimal templates not known
to be exploitable, but changed anyway.
doc/upgrading.txt:
Reformat to 66 characters.
Update with assigned CVE number.
Add section on fixing tal:replace with unsafe data.
Document analysis and assumptions in comment in file.
doc/security.txt:
Update with CVE number.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Fri, 11 Jul 2025 19:30:27 -0400 |
| parents | b2eb59ada444 |
| children | e738377b4ffe |
line wrap: on
line source
This directory has some detector examples that you can use to get ideas on implementing your own detectors. These are provides on an as-is basis. When they were added, they worked for somebody and were considered a useful example. The roundup team will attempt to keep them up to date with major changes as they happen, but there are no guarantees that these will work out of the box. If you find them out of date and have patches to make them work against newer versions of roundup, please open an issue at: https://issues.roundup-tracker.org The current inventory is: creator_resolution.py - only allow the creator of the issue to resolve it emailauditor.py - Rename .eml files (from email multi-part bodies) to .mht so they can be downloaded/viewed in Internet Explorer. irker.py - communicate with irkerd to allow roundtup to send announcements to an IRC channel. newissuecopy.py - notify a team email address (hardcoded in the script) when a new issue arrives. newitemcopy.py - email the DISPATCHER address when new issues, users, keywords etc. are created. Kind of an expanded version of newissuecopy.