allura-dev mailing list archives

From Dave Brondsema <>
Subject security issue with easywidgets (Allura dependency)
Date Wed, 19 Sep 2012 15:21:54 GMT
I recommend all Allura deployments upgrade EasyWidgets to version
0.2dev-20120918 immediately.  If you cannot do that, apply this patch to your
current easywidgets version:
That will close a vector of attack in which arbitrary filesystem paths can be
specified in the URL and exposed to the requester.  Example in the commit link

Dave Brondsema : : personal : programming
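
The class of flaw the message describes, a URL path segment mapped onto the filesystem without a containment check, shown beside a hardened resolver. This is an added example, not part of the original message and not EasyWidgets code; `naive_resolve`, `safe_resolve`, the directory layout and the request strings are all constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_resolve(root, url_path):
    # Vulnerable pattern: the URL segment is joined to the root unchecked.
    return os.path.join(root, url_path)


def safe_resolve(root, url_path):
    """Return the real path of a file under root, or None if the request escapes it."""
    decoded = unquote(url_path)  # check the path after percent-decoding
    if "\x00" in decoded:
        return None
    root_real = os.path.realpath(root)
    # lstrip("/") stops os.path.join from discarding root for absolute input
    candidate = os.path.realpath(os.path.join(root_real, decoded.lstrip("/")))
    # realpath has resolved ".." and symlinks; the result must still sit under root
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate if os.path.isfile(candidate) else None


def demo():
    """Build a constructed directory tree and resolve sample request paths."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.join(tmp, "resources")
        os.makedirs(os.path.join(root, "js"))
        with open(os.path.join(root, "js", "widget.js"), "w") as f:
            f.write("// widget")
        with open(os.path.join(tmp, "secret.ini"), "w") as f:
            f.write("password=constructed")
        # Symlink inside the root that points outside it
        os.symlink(os.path.join(tmp, "secret.ini"), os.path.join(root, "link.ini"))
        requests = ["js/widget.js", "../secret.ini", "%2e%2e/secret.ini",
                    "/secret.ini", "link.ini", "js/../js/widget.js"]
        results = {}
        for r in requests:
            p = safe_resolve(root, r)
            results[r] = None if p is None else os.path.relpath(p, os.path.realpath(root))
        naive = os.path.realpath(naive_resolve(root, "../secret.ini"))
        naive_escapes = naive == os.path.realpath(os.path.join(tmp, "secret.ini"))
        return results, naive_escapes


if __name__ == "__main__":
    print(demo())
```

A request log entry for a static-resource URL containing `..`, `%2e%2e` or a leading `/` in the path segment is the corresponding thing to look for when reviewing whether an unpatched deployment was probed.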