[SECURITY] Mitigate cross-site-scripting in FileDumpController

FileDumpController is used to expose stored files from the backend user interface through a corresponding service-side process. Since content-security-policy settings for files served directly by the web server won't be applied, FileDumpController has to take care.

Resolves: #98221
Releases: main, 11.5, 10.4
Change-Id: I4fde10e48e33fa08452eddf876172f56b4f38e28
Security-Bulletin: TYPO3-CORE-SA-2022-009
Security-References: CVE-2022-36107
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/75718
Tested-by: Oliver Hader <oliver.hader@typo3.org>
Reviewed-by: Oliver Hader <oliver.hader@typo3.org>