Return-Path: Delivered-To: apmail-continuum-issues-archive@www.apache.org Received: (qmail 12431 invoked from network); 13 Apr 2011 23:33:50 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.3) by minotaur.apache.org with SMTP; 13 Apr 2011 23:33:50 -0000 Received: (qmail 92963 invoked by uid 500); 13 Apr 2011 23:33:50 -0000 Delivered-To: apmail-continuum-issues-archive@continuum.apache.org Received: (qmail 92918 invoked by uid 500); 13 Apr 2011 23:33:50 -0000 Mailing-List: contact issues-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@continuum.apache.org Delivered-To: mailing list issues@continuum.apache.org Received: (qmail 92905 invoked by uid 99); 13 Apr 2011 23:33:50 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Apr 2011 23:33:50 +0000 X-ASF-Spam-Status: No, hits=-0.0 required=5.0 tests=SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: local policy) Received: from [63.246.2.115] (HELO codehaus01.managed.contegix.com) (63.246.2.115) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 13 Apr 2011 23:33:44 +0000 Received: from codehaus01.managed.contegix.com (localhost.localdomain [127.0.0.1]) by codehaus01.managed.contegix.com (Postfix) with ESMTP id 71412458112 for ; Wed, 13 Apr 2011 18:33:23 -0500 (CDT) Date: Wed, 13 Apr 2011 18:33:23 -0500 (CDT) From: "Maria Catherine Tan (JIRA)" To: issues@continuum.apache.org Message-ID: <24514704.54717.1302737603452.JavaMail.haus-jira@codehaus01.managed.contegix.com> In-Reply-To: <8984890.49035.1301995942234.JavaMail.haus-jira@codehaus01.managed.contegix.com> Subject: [jira] Commented: (CONTINUUM-2620) Fix XSS vulnerability in Continuum MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 4e90ceb663894a42f12c0e28abbab431 X-Virus-Checked: Checked by ClamAV on apache.org [ http://jira.codehaus.org/browse/CONTINUUM-2620?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=263527#action_263527 ] Maria Catherine Tan commented on CONTINUUM-2620: ------------------------------------------------ removed fn:escapeXml in r1091974 > Fix XSS vulnerability in Continuum > ---------------------------------- > > Key: CONTINUUM-2620 > URL: http://jira.codehaus.org/browse/CONTINUUM-2620 > Project: Continuum > Issue Type: Task > Affects Versions: 1.3.7, 1.4.0 (Beta) > Reporter: efraim lorenz longkines > Assignee: Maria Catherine Tan > Fix For: 1.3.8 > > > Right now, continuum is vulnerable for cross-site scripting. See REDBACK-275 and REDBACK-276. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira