The Apache Allura team is pleased to announce the release of Apache Allura
1.17.0.
Apache Allura is an open source implementation of a software forge, a web site
that manages source code repositories, bug reports, discussions, wiki pages,
blogs, and more for any number of individual projects.
This release contains a critical security fix for CVE-2024-36471.
If you are unable to upgrade, set this in your .ini config file:
disable_entry_points.allura.importers = forge-tracker, forge-discussion
That same .ini setting is also recommended for users who want maximum security on
their Allura instance and don't need those importers available.
This release also adds support for OAuth 2, has a better cookie session format, and
many other changes. To see all the details and upgrade instructions, view the
release changelog at
https://forge-allura.apache.org/p/allura/git/ci/master/tree/CHANGES
Download at https://allura.apache.org/download.html