date:20160916

[magnolia-dev] target="_blank" vulnerability

2016-09-16 Thread via Magnolia Forums

As described in 
[url=https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c]this
 article[/url] (to not copy-past it) links within forum(user comments and maybe 
some other public components) can send user to malicious site.

To fix this either check article propositions or simply add this JS script 
https://github.com/danielstjules/blankshield on the page so this can guard 
whole site.

For test: 
[url=http://www.danielstjules.com/github/blankshield-demo-attack.html]Not safe 
link[/url]

-- 
Context is everything: 
http://forum.magnolia-cms.com/forum/thread.html?threadId=091e8f14-6ad9-4367-a5ff-36ae174710d6



For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

2016-09-16 Thread JIRA (on behalf of Federico Grilli)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Federico Grilli updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia CLI npm module  /  NPMCLI-51 
 
 
 
  Jumpstart command should set magnolia.develop to true  
 
 
 
 
 
 
 
 
 

Change By:
 
 Federico Grilli 
 
 
 

Story Points:
 
 1 
 
 
 

Sprint:
 
 Basel 61 
 
 
 

Account:
 
 null (null) 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

2016-09-16 Thread JIRA (on behalf of Federico Grilli)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Federico Grilli updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia CLI npm module  /  NPMCLI-51 
 
 
 
  Jumpstart command should set magnolia.develop to true  
 
 
 
 
 
 
 
 
 

Change By:
 
 Federico Grilli 
 
 
 
 
 
 
 
 
 
 Using the beta version, the magnolia.develop property in magnolia.properties does not get set to true. Once fixed will require release of 0.0.2 beta + update of README.md 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

2016-09-16 Thread JIRA (on behalf of Federico Grilli)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Federico Grilli updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia CLI npm module  /  NPMCLI-51 
 
 
 
  Jumpstart command should set magnolia.develop to true  
 
 
 
 
 
 
 
 
 

Change By:
 
 Federico Grilli 
 
 
 

Labels:
 
 regression 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

2016-09-16 Thread JIRA (on behalf of Federico Grilli)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Federico Grilli updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia CLI npm module  /  NPMCLI-51 
 
 
 
  Jumpstart command should set magnolia.develop to true  
 
 
 
 
 
 
 
 
 

Change By:
 
 Federico Grilli 
 
 
 

Fix Version/s:
 
 0.0.2 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (PAGES-80) Adapt pages app to Content-Connector concept

2016-09-16 Thread JIRA (on behalf of Aleksandr Pchelintcev)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Aleksandr Pchelintcev updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia pages module /  PAGES-80 
 
 
 
  Adapt pages app to Content-Connector concept  
 
 
 
 
 
 
 
 
 

Change By:
 
 Aleksandr Pchelintcev 
 
 
 

Assignee:
 
 Aleksandr Pchelintcev 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (MGNLUI-4018) "Move Inside" button's state is incorrecly handled

2016-09-16 Thread JIRA (on behalf of Aleksandr Pchelintcev)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Aleksandr Pchelintcev updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia UI /  MGNLUI-4018 
 
 
 
  "Move Inside" button's state is incorrecly handled  
 
 
 
 
 
 
 
 
 

Change By:
 
 Aleksandr Pchelintcev 
 
 
 

Sprint:
 
 Saigon 62 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (MGNLUI-3464) Provide a way to navigate to a node in a tree based on a path

2016-09-16 Thread JIRA (on behalf of Hieu Nguyen Duc)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Hieu Nguyen Duc updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia UI /  MGNLUI-3464 
 
 
 
  Provide a way to navigate to a node in a tree based on a path  
 
 
 
 
 
 
 
 
 

Change By:
 
 Hieu Nguyen Duc 
 
 
 

Remaining Estimate:
 
 0.5d 0d 
 
 
 

Account:
 
 null (null) 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (MGNLUI-4019) CLONE - Avoid excessive access to the version store while browsing content

2016-09-16 Thread JIRA (on behalf of Jaroslav Simak)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Philipp Bärfuss created an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia UI /  MGNLUI-4019 
 
 
 
  CLONE - Avoid excessive access to the version store while browsing content  
 
 
 
 
 
 
 
 
 

Issue Type:
 
  Improvement 
 
 
 

Assignee:
 
 Jaroslav Simak 
 
 
 

Components:
 

 content app 
 
 
 

Created:
 

 16/Sep/16 1:09 PM 
 
 
 

Fix Versions:
 

 5.3.x, 5.4.x 
 
 
 

Priority:
 
  Major 
 
 
 

Reporter:
 
 Philipp Bärfuss 
 
 
 

Security Level:
 

 Public 
 
 
 
 
 
 
 
 
 
 
Each click on an elements in content apps leads to requests to the version store. This can be expensive especially for big installations. I have not tracked it down but my guess would be that it is a availability test for an action which checks wether the node has versions or not. 
To verify this one can enable derby logging like described here: http://magnolia-experts.com/monitoring-queries-to-the-derby-database/ 
Attention: jackrabbit caches nodes in memory (16MB bei default) so with a small installation like the demo project the queries will be only executed during the first access and not by follow up browsing.

[magnolia-dev] [JIRA] (MGNLCACHE-145) Cache key generators provided via X-Magnolia-Cache header has to be registered

2016-09-16 Thread on behalf of Roman Kovařík

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Roman Kovařík updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia Cache Module /  MGNLCACHE-145 
 
 
 
  Cache key generators provided via X-Magnolia-Cache header has to be registered  
 
 
 
 
 
 
 
 
 
 
For release notes: 
 

custom cache key generator classes (e.g those used in fragment definitions) has to be registered under /modules/cache/config/contentCaching//cachePolicy/registeredCacheKeyGenerators for security reasons. e.g. /modules/cache/config/contentCaching/defaultPageCache/cachePolicy/registeredCacheKeyGenerators/0=my.custom.key.generator
 
 
 
 
 
 
 
 
 
 
 

Change By:
 
 Roman Kovařík 
 
 
 

Release notes required:
 
 Yes 
 
 
 

Account:
 
 null (null) 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)

[magnolia-dev] [JIRA] (MGNLUI-3864) Allow multiple reorder actions with keyboard on MultiValueField

2016-09-16 Thread JIRA (on behalf of Oanh Thai Hoang)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Oanh Thai Hoang updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia UI /  MGNLUI-3864 
 
 
 
  Allow multiple reorder actions with keyboard on MultiValueField  
 
 
 
 
 
 
 
 
 

Change By:
 
 Oanh Thai Hoang 
 
 
 

Remaining Estimate:
 
 0.75d 0d 
 
 
 

Account:
 
 null (null) 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] [JIRA] (MGNLUI-4018) "Move Inside" button's state is incorrecly handled

2016-09-16 Thread JIRA (on behalf of Hieu Nguyen Duc)

Title: Message Title
 
 
 
 
 
 
 
 
 
 
  
 
 Hieu Nguyen Duc updated an issue 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 Magnolia UI /  MGNLUI-4018 
 
 
 
  "Move Inside" button's state is incorrecly handled  
 
 
 
 
 
 
 
 
 

Change By:
 
 Hieu Nguyen Duc 
 
 
 

Assignee:
 
 Hieu Nguyen Duc 
 
 
 
 
 
 
 
 
 
 
 
 

 
 Add Comment 
 
 
 
 
 
 
 
 
 
 

 
 
 
 
 
 
 
 
 
 

 This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) 
 
 
 
 
  
 
 
 
 
 
 
 
 
   




For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to:

[magnolia-dev] target="_blank" vulnerability

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true

[magnolia-dev] [JIRA] (PAGES-80) Adapt pages app to Content-Connector concept

[magnolia-dev] [JIRA] (MGNLUI-4018) "Move Inside" button's state is incorrecly handled

[magnolia-dev] [JIRA] (MGNLUI-3464) Provide a way to navigate to a node in a tree based on a path

[magnolia-dev] [JIRA] (MGNLUI-4019) CLONE - Avoid excessive access to the version store while browsing content

[magnolia-dev] [JIRA] (MGNLCACHE-145) Cache key generators provided via X-Magnolia-Cache header has to be registered

[magnolia-dev] [JIRA] (MGNLUI-3864) Allow multiple reorder actions with keyboard on MultiValueField

[magnolia-dev] [JIRA] (MGNLUI-4018) "Move Inside" button's state is incorrecly handled

12 matches

Site Navigation

Mail list logo

Footer information