Update the 0.7.30 release notes with the CVEs.
chipx86 committed Jun 8, 2014
1 parent 05d6a9b commit 50000d0
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions NEWS
Expand Up @@ -5,13 +5,17 @@ version 0.7.30 final (6-June-2014):
Users could construct a name that would allow for injecting
JavaScript in the page. That name is now properly escaped.

This is CVE-2014-3995.

* Fixed a XSS issue in json_dumps.

JSON payloads constructed based on user input and then injected into
a page could result in custom JavaScript being injected into the
page. Additional escaping is now performed to ensure this does not
happen.

This is CVE-2014-3994 (discovered by "uchida", bug #3406).


version 0.7.29 final (9-April-2014):
* djblets.webapi:
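Review bot: The added "This is CVE-2014-3995." line carries no reporter or bug number, while the added CVE-2014-3994 line gives both ('discovered by "uchida", bug #3406'). If the escaped-name issue has a bug entry or a reporter to credit, add them in the same parenthetical form so each CVE in the 0.7.30 notes can be traced back to its report. Consider also naming the CVE on the bullet line itself (for example next to "Fixed a XSS issue in json_dumps.") so a search for the identifier lands on the entry heading rather than at the end of its description.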