[Rt-commit] rt annotated tag, rt-3.8.17, created. rt-3.8.17
Thomas Sibley
trs at bestpractical.com
Wed May 22 15:48:29 EDT 2013
The annotated tag, rt-3.8.17 has been created
at 0e3f1f8b96d27789a51fca1eb4daec60bbc91ba8 (tag)
tagging 201cc3405e2c133c09a26ec8e1f9a6ef74fe866c (commit)
replaces rt-3.8.16
tagged by Thomas Sibley
on Wed May 22 12:03:19 2013 -0700
- Log -----------------------------------------------------------------
version 3.8.17
Alex Vandiver (9):
      Ensure that filenames in inline image attributes are HTML-escaped
      Deny direct access to callbacks
      Protect calls to $m->comp with user input in ColumnMap
      Ensure that subjects cannot contain embedded newlines
      Remove filename= suggestions from Content-Disposition lines
      Ensure consistent escaping of filenames in attachment URIs
      Ensure that URLs placed in HTML attributes are escaped correctly, to prevent XSS injection
      Ensure that the default replacement does not pass through unescaped content
      Use File::Temp for non-predictable temporary filenames

Kevin Falcone (1):
      Merge branch '3.8.16-releng' into 3.8-trunk

Thomas Sibley (8):
      Merge remote-tracking branch 'private/security/3.8/attachment-filename-escaping' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/deny-direct-callback-access' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/escape-attachment-filename' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/escape-makeclicky' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/protect-columnmap-comp' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/rt-predictable-tmpfile' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/subject-newlines' into security/3.8.17-releng
      Bump version for 3.8.17
-----------------------------------------------------------------------