[ANNOUNCE] Apache Allura 1.16.0 released, contains critical security fix

2023-11-06 Thread Dave Brondsema
The Apache Allura team is pleased to announce the release of Apache Allura 1.16.0. Apache Allura is an open source implementation of a software forge, a web site that manages source code repositories, bug reports, discussions, wiki pages, blogs, and more for any number of individual projects.

CVE-2023-46851: Apache Allura: sensitive information exposure via import

2023-11-06 Thread Dave Brondsema
Severity: critical

Affected versions:
- Apache Allura 1.0.1 through 1.15.0

Description: Allura Discussion and Allura Forum importing does not restrict URL values specified in attachments. Project administrators can run these imports, which could cause Allura to read local files and expose