1 parent 05d6a9b commit 50000d0
NEWS
@@ -5,13 +5,17 @@ version 0.7.30 final (6-June-2014):
5
Users could construct a name that would allow for injecting
6
JavaScript in the page. That name is now properly escaped.
7
8
+ This is CVE-2014-3995.
9
+
10
* Fixed a XSS issue in json_dumps.
11
12
JSON payloads constructed based on user input and then injected into
13
a page could result in custom JavaScript being injected into the
14
page. Additional escaping is now performed to ensure this does not
15
happen.
16
17
+ This is CVE-2014-3994 (discovered by "uchida", bug #3406).
18
19
20
version 0.7.29 final (9-April-2014):
21
* djblets.webapi:
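Review bot: The added line "This is CVE-2014-3995." gives no bug number or reporter, while the CVE-2014-3994 line added under the json_dumps entry carries both (discovered by "uchida", bug #3406). If a bug entry or reporter exists for the first issue, add them in the same parenthesised form so both fixes in the 0.7.30 notes can be traced the same way. It would also help to put each CVE identifier on the bullet line itself (for example next to "Fixed a XSS issue in json_dumps."), so that someone searching NEWS for the CVE lands on the line naming the affected function rather than on a trailing sentence.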