Details

    • Type: Task
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.3.7, 1.4.0 (Beta)
    • Fix Version/s: 1.3.8, 1.4.1
    • Component/s: None
    • Labels:
      None
    • Complexity:
      Intermediate
    • Number of attachments :
      1

      Description

      Right now, Continuum is vulnerable to cross-site scripting. See REDBACK-275 and REDBACK-276.

      1. CONTINUUM-2620.patch
        69 kB
        Efraim Lorenz Longkines

        Activity

        Maria Catherine Tan added a comment -

        r1097686

        • move validation to xml files
        • remove regex validation for description and just escape xml
        Maria Catherine Tan added a comment -

        TODO:
        add validation to prevent xss attacks in xmlrpc

        Maria Catherine Tan added a comment -

        r1101338

        • added validation in xmlrpc
        • fixed validation of artifactid in ConfigureAppearanceAction
        • removed regex validation of build agent description
        Maria Catherine Tan added a comment -

        r1101669

        • Merge changes in trunk to 1.3.x branch
        Maria Catherine Tan added a comment -

        r1102231

        • added ${} for allowed characters in build definition's arguments

        r1102234

        • merge to 1.3.x branch

          People

          • Assignee:
            Maria Catherine Tan
            Reporter:
            Efraim Lorenz Longkines
          • Votes:
            0
            Watchers:
            0
