[Rt-commit] rt annotated tag, rt-4.0.13, created. rt-4.0.13
Thomas Sibley
trs at bestpractical.com
Wed May 22 14:37:27 EDT 2013
The annotated tag, rt-4.0.13 has been created
at 6812b122cee71938e28d89a29928eac3472f147b (tag)
tagging 90b6e7cb80c686b6bf41067029e75914748a4525 (commit)
replaces rt-4.0.12
tagged by Thomas Sibley
on Tue May 21 15:29:13 2013 -0700
- Log -----------------------------------------------------------------
release 4.0.13

Alex Vandiver (14):
      Ensure that filenames in inline image attributes are HTML-escaped
      Deny direct access to callbacks
      Protect calls to $m->comp with user input in ColumnMap
      Remove filename= suggestions from Content-Disposition lines
      Ensure consistent escaping of filenames in attachment URIs
      Ensure that URLs placed in HTML attributes are escaped correctly, to prevent XSS injection
      Ensure that the default replacement does not pass through unescaped content
      Use File::Temp for non-predictable temporary filenames
      Canonicalize on lower-case for statuses, which are now case-insensitive
      Merge two loops over %LIFECYCLES_CACHE into one
      Force statuses to lower-case in lifecycles, to match ticket statuses
      Preserve original case of defined statuses
      Provide warnings of lifecycle misconfigurations
      Ensure that subjects cannot contain embedded newlines

Thomas Sibley (12):
      Instantiate new sessions on logout as well as deleting the old one
      Instantiate a new session if the session doesn't match the ID we loaded it by
      Merge remote-tracking branch 'private/security/4.0/rt-predictable-tmpfile' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/protect-columnmap-comp' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/escape-attachment-filename' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/deny-direct-callback-access' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/attachment-filename-escaping' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/subject-newlines' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/instantiate-new-session-on-logout' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/escape-makeclicky' into security/4.0.13-releng
      Merge remote-tracking branch 'private/security/4.0/status-casing' into security/4.0.13-releng
      Correct a typo in a lifecycle lint warning message

-----------------------------------------------------------------------