The Apache Allura team is pleased to announce the release of Apache Allura
1.16.0
Apache Allura is an open source implementation of a software forge, a web site
that manages source code repositories, bug reports, discussions, wiki pages,
blogs, and more for any number of individual projects.
This release contains a critical security fix for CVE-2023-46851
If you are unable to upgrade, set this in your .ini config file:
disable_entry_points.allura.importers = forge-tracker, forge-discussion
That same .ini setting is also recommend for users who want maximum security on
their Allura instance and don't need those importers available.
Also, this release drops support for Python 3.7
To see all the details and upgrade instructions, view the release changelog at
https://forge-allura.apache.org/p/allura/git/ci/master/tree/CHANGES
Download at https://allura.apache.org/download.html