[magnolia-dev] target="_blank" vulnerability
As described in [url=https://medium.com/@jitbit/target-blank-the-most-underestimated-vulnerability-ever-96e328301f4c]this article[/url] (to not copy-past it) links within forum(user comments and maybe some other public components) can send user to malicious site. To fix this either check article propositions or simply add this JS script https://github.com/danielstjules/blankshield on the page so this can guard whole site. For test: [url=http://www.danielstjules.com/github/blankshield-demo-attack.html]Not safe link[/url] -- Context is everything: http://forum.magnolia-cms.com/forum/thread.html?threadId=091e8f14-6ad9-4367-a5ff-36ae174710d6 For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true
Title: Message Title Federico Grilli updated an issue Magnolia CLI npm module / NPMCLI-51 Jumpstart command should set magnolia.develop to true Change By: Federico Grilli Story Points: 1 Sprint: Basel 61 Account: null (null) Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true
Title: Message Title Federico Grilli updated an issue Magnolia CLI npm module / NPMCLI-51 Jumpstart command should set magnolia.develop to true Change By: Federico Grilli Using the beta version, the magnolia.develop property in magnolia.properties does not get set to true. Once fixed will require release of 0.0.2 beta + update of README.md Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true
Title: Message Title Federico Grilli updated an issue Magnolia CLI npm module / NPMCLI-51 Jumpstart command should set magnolia.develop to true Change By: Federico Grilli Labels: regression Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (NPMCLI-51) Jumpstart command should set magnolia.develop to true
Title: Message Title Federico Grilli updated an issue Magnolia CLI npm module / NPMCLI-51 Jumpstart command should set magnolia.develop to true Change By: Federico Grilli Fix Version/s: 0.0.2 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (PAGES-80) Adapt pages app to Content-Connector concept
Title: Message Title Aleksandr Pchelintcev updated an issue Magnolia pages module / PAGES-80 Adapt pages app to Content-Connector concept Change By: Aleksandr Pchelintcev Assignee: Aleksandr Pchelintcev Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-4018) "Move Inside" button's state is incorrecly handled
Title: Message Title Aleksandr Pchelintcev updated an issue Magnolia UI / MGNLUI-4018 "Move Inside" button's state is incorrecly handled Change By: Aleksandr Pchelintcev Sprint: Saigon 62 Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-3464) Provide a way to navigate to a node in a tree based on a path
Title: Message Title Hieu Nguyen Duc updated an issue Magnolia UI / MGNLUI-3464 Provide a way to navigate to a node in a tree based on a path Change By: Hieu Nguyen Duc Remaining Estimate: 0.5d 0d Account: null (null) Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-4019) CLONE - Avoid excessive access to the version store while browsing content
Title: Message Title Philipp Bärfuss created an issue Magnolia UI / MGNLUI-4019 CLONE - Avoid excessive access to the version store while browsing content Issue Type: Improvement Assignee: Jaroslav Simak Components: content app Created: 16/Sep/16 1:09 PM Fix Versions: 5.3.x, 5.4.x Priority: Major Reporter: Philipp Bärfuss Security Level: Public Each click on an elements in content apps leads to requests to the version store. This can be expensive especially for big installations. I have not tracked it down but my guess would be that it is a availability test for an action which checks wether the node has versions or not. To verify this one can enable derby logging like described here: http://magnolia-experts.com/monitoring-queries-to-the-derby-database/ Attention: jackrabbit caches nodes in memory (16MB bei default) so with a small installation like the demo project the queries will be only executed during the first access and not by follow up browsing.
[magnolia-dev] [JIRA] (MGNLCACHE-145) Cache key generators provided via X-Magnolia-Cache header has to be registered
Title: Message Title Roman Kovařík updated an issue Magnolia Cache Module / MGNLCACHE-145 Cache key generators provided via X-Magnolia-Cache header has to be registered For release notes: custom cache key generator classes (e.g those used in fragment definitions) has to be registered under /modules/cache/config/contentCaching//cachePolicy/registeredCacheKeyGenerators for security reasons. e.g. /modules/cache/config/contentCaching/defaultPageCache/cachePolicy/registeredCacheKeyGenerators/0=my.custom.key.generator Change By: Roman Kovařík Release notes required: Yes Account: null (null) Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9)
[magnolia-dev] [JIRA] (MGNLUI-3864) Allow multiple reorder actions with keyboard on MultiValueField
Title: Message Title Oanh Thai Hoang updated an issue Magnolia UI / MGNLUI-3864 Allow multiple reorder actions with keyboard on MultiValueField Change By: Oanh Thai Hoang Remaining Estimate: 0.75d 0d Account: null (null) Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to:
[magnolia-dev] [JIRA] (MGNLUI-4018) "Move Inside" button's state is incorrecly handled
Title: Message Title Hieu Nguyen Duc updated an issue Magnolia UI / MGNLUI-4018 "Move Inside" button's state is incorrecly handled Change By: Hieu Nguyen Duc Assignee: Hieu Nguyen Duc Add Comment This message was sent by Atlassian JIRA (v6.4.13#64028-sha1:b7939e9) For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html Alternatively, use our forums: http://forum.magnolia-cms.com/ To unsubscribe, E-mail to: