[Rt-commit] rt annotated tag, rt-3.8.17, created. rt-3.8.17

Thomas Sibley trs at bestpractical.com
Wed May 22 15:48:29 EDT 2013


The annotated tag, rt-3.8.17 has been created
        at  0e3f1f8b96d27789a51fca1eb4daec60bbc91ba8 (tag)
   tagging  201cc3405e2c133c09a26ec8e1f9a6ef74fe866c (commit)
  replaces  rt-3.8.16
 tagged by  Thomas Sibley
        on  Wed May 22 12:03:19 2013 -0700

- Log -----------------------------------------------------------------
version 3.8.17
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQBRnRZ3Hdv9ZfNcOAcRApxZAJ4yQ4GnEy7PmH9TGsWVGtBhifbiSQCcClmM
4S7qgaw3S3lMvhBcsBEWbvk=
=GA8L
-----END PGP SIGNATURE-----

Alex Vandiver (9):
      Ensure that filenames in inline image attributes are HTML-escaped
      Deny direct access to callbacks
      Protect calls to $m->comp with user input in ColumnMap
      Ensure that subjects cannot contain embedded newlines
      Remove filename= suggestions from Content-Disposition lines
      Ensure consistent escaping of filenames in attachment URIs
      Ensure that URLs placed in HTML attributes are escaped correctly, to prevent XSS injection
      Ensure that the default replacement does not pass through unescaped content
      Use File::Temp for non-predictable temporary filenames

Kevin Falcone (1):
      Merge branch '3.8.16-releng' into 3.8-trunk

Thomas Sibley (8):
      Merge remote-tracking branch 'private/security/3.8/attachment-filename-escaping' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/deny-direct-callback-access' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/escape-attachment-filename' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/escape-makeclicky' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/protect-columnmap-comp' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/rt-predictable-tmpfile' into security/3.8.17-releng
      Merge remote-tracking branch 'private/security/3.8/subject-newlines' into security/3.8.17-releng
      Bump version for 3.8.17

-----------------------------------------------------------------------

