Hey all, Please be aware that an XSS vulnerability in Allura was reported, and subsequently fixed, yesterday. See https://sourceforge.net/p/allura/tickets/6469/ for more info.
We strongly advise Allura deployments to either: 1. Upgrade Allura to the lastest master commit (099c5659d3a17ef84da5ca088ea1cebc7de37001) 2. Upgrade EasyWidgets requirement to version `EasyWidgets==0.2dev-20130716` EasyWidgets is the library in which the vulnerability was discovered and patched. -- Tim Van Steenburgh
