This is an automated email from the ASF dual-hosted git repository. brushed pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jspwiki.git
commit 2ce696aebb0de8a377c8d0a9f92be02f1322f6f7 Author: brushed <[email protected]> AuthorDate: Thu Nov 24 10:24:56 2022 +0100 XSS vulnerability reported by Eugene Lim and Sng Jay Kai. --- ChangeLog.md | 8 ++++++++ jspwiki-api/src/main/java/org/apache/wiki/api/Release.java | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog.md b/ChangeLog.md index 6fe9da630..1030671f9 100644 --- a/ChangeLog.md +++ b/ChangeLog.md @@ -17,6 +17,14 @@ specific language governing permissions and limitations under the License. --> +**2022-11-24 Dirk Frederickx (brushed AT apache DOT org)** + +* _2.12.0-git-02_ + +* Fixing a number of XSS vulnerabilities reported by Eugene Lim and Sng Jay Kai. + (sanitizing various plugin parameters) + + **2022-10-19 Juan Pablo Santos (juanpablo AT apache DOT org)** * _2.12.0-git-01_ diff --git a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java index 939753158..16fea414c 100644 --- a/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java +++ b/jspwiki-api/src/main/java/org/apache/wiki/api/Release.java @@ -69,7 +69,7 @@ public final class Release { * <p> * If the build identifier is empty, it is not added. */ - public static final String BUILD = "01"; + public static final String BUILD = "02"; /** * This is the generic version string you should use when printing out the version. It is of
