update for recent XSS

master
Joey Hess 2015-03-30 11:31:59 -04:00
parent 3b27d8fafa
commit 02f745a675
1 changed files with 9 additions and 0 deletions

@ -497,3 +497,12 @@ Raúl Benencia discovered an additional XSS exposure in the meta plugin.
This hole was discovered on 16 May 2012 and fixed the same day with
the release of ikiwiki 3.20120516. A fix was backported to Debian squeeze,
as version 3.20100815.9. An upgrade is recommended for all sites.
## XSS via openid selector
Raghav Bisht discovered this XSS in the openid selector.
The hole was reported on March 24th, a fix was developed on March 27th,
and the fixed version was released on the 29th. A fix was backported
to Debian wheezy as version 3.20141016.2. An upgrade is recommended for
sites using CGI and openid.
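Review bot: The dates in the new "XSS via openid selector" entry (March 24th, March 27th, the 29th) carry no year, and the entry does not name the upstream release that contains the fix, whereas the preceding entry in the context lines gives a full date ("16 May 2012") and the fixed release ("ikiwiki 3.20120516"). On a long-lived security page the year will not stay obvious from position, so add the year to the first date and state the fixed ikiwiki version next to the wheezy backport 3.20141016.2. The phrase "this XSS" also has no antecedent in the entry; one sentence saying which input reaches the openid selector unescaped would let site operators judge exposure beyond "sites using CGI and openid".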