On 7/30/15 3:00 PM, Dave Brondsema wrote: > > Two CSRF fixes have been made recently. They are not super critical, but > anyone > using Allura should consider upgrading to latest from git. We should make a > release of Allura soon too which would include these. > > https://forge-allura.apache.org/p/allura/tickets/7685/ > https://forge-allura.apache.org/p/allura/tickets/7942/ > > If anyone is interested in a formal security list for disclosing issues like > this, please let us know. > >
And a XSS fix https://forge-allura.apache.org/p/allura/tickets/7947/ Again, available in git 'master' now. -- Dave Brondsema : [email protected] http://www.brondsema.net : personal http://www.splike.com : programming <><
