The Apache Allura team is pleased to announce the release of Apache Allura
1.11.0
Allura is an open source implementation of a software forge, a web site that
manages source code repositories, bug reports, discussions, wiki pages, blogs,
and more for any number of individual projects.
The 1.11.0
CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector
Severity: Important
Versions Affected: 1.10.0 and earlier
Description:
A vulnerability exists for stored XSS on the user dropdown selector when
creating or editing tickets. The XSS executes when a user engages with t
- **private**: Yes --> No
---
** [tickets:#8303] CVE-2019-10085: XSS on user autocomplete**
**Status:** closed
**Milestone:** v1.11.0
**Created:** Mon Jun 10, 2019 02:18 PM UTC by Dave Brondsema
**Last Updated:** Mon Jun 17, 2019 03:19 PM UTC
**Owner:** Dave Brondsema
Via secur...@apache.org