Multiple issues in python-djblets
ID: FEDORA-2013-13850
Distribution: Fedora
Platforms: Fedora 19
Date: Thu, 8 August 2013, 09:40
References: Not specified
Applications: Python Djblets

Original message
Name        : python-djblets
Product     : Fedora 19
Version     : 0.7.16
Release     : 1.fc19
URL         : http://www.review-board.org
Summary     : A collection of useful classes and functions for Django
Description :
A collection of useful classes and functions for Django

--------------------------------------------------------------------------------
Update Information:

As with all ReviewBoard updates, you will need to run
'rb-site upgrade /path/to/site' for all installed sites after applying this update.

== Action Required ==
The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments for details.

== Description ==
- New upstream release 1.7.12
- http://www.reviewboard.org/docs/releasenotes/reviewboard/1.7.12/
- Security Fixes:
  * Function names in diff headers are no longer rendered as HTML.
  * If a user’s full name contained HTML, the Submitters list would render it as HTML, without escaping it. This was an XSS vulnerability.
  * The default Apache configuration is now more strict with how it serves up file attachments. This does not apply to existing installations. See http://support.beanbaginc.com/support/solutions/articles/110173-securing-file-attachments for details.
  * Uploaded files are now renamed to include a hash, preventing users from uploading malicious filenames, and making filenames unguessable.
  * Recaptcha support has been updated to use the new URLs provided by Google.
- New Features:
  * Added a X-ReviewRequest-Repository header for e-mails.
- Extension Improvements:
  * Extensions can now specify their list of app directories.
  * Extensions can now specify the author’s URL.
  * Improved the look and feel for extension configuration.
  * Improved the functionality for extension configuration.
  * Improved the list of available extensions.
- Bug Fixes:
  * Fixed the “Show Whitespace Changes” toggle.
  * Fixed compatibility with modern versions of django-storages.
  * Draft comments on file attachments are no longer shown to all users.
  * Fixed issues with console windows appearing when invoking Clear Case requests on Python 2.7.x and Windows 7.
  * Review requests on Local Sites are now guaranteed to have the proper ID.
  * Fixed starring review requests on Local Sites.

--------------------------------------------------------------------------------
ChangeLog:

* Mon Jul 29 2013 Stephen Gallagher