Commit 50000d0

Update the 0.7.30 release notes with the CVEs.
1 parent 05d6a9b commit 50000d0

1 file changed

+4
-0
lines changed

Diff for: NEWS

@@ -5,13 +5,17 @@ version 0.7.30 final (6-June-2014):
55
Users could construct a name that would allow for injecting
66
JavaScript in the page. That name is now properly escaped.
77

8+
This is CVE-2014-3995.
9+
810
* Fixed a XSS issue in json_dumps.
911

1012
JSON payloads constructed based on user input and then injected into
1113
a page could result in custom JavaScript being injected into the
1214
page. Additional escaping is now performed to ensure this does not
1315
happen.
1416

17+
This is CVE-2014-3994 (discovered by "uchida", bug #3406).
18+
1519

1620
version 0.7.29 final (9-April-2014):
1721
* djblets.webapi:
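
Review bot: The added line "This is CVE-2014-3995." under the name-escaping entry carries no reporter credit or bug number, while the CVE-2014-3994 line added under the json_dumps entry has both ("uchida", bug #3406). If a reporter or tracker entry exists for CVE-2014-3995, cite it the same way so both fixes can be traced from the release notes. It would also help to put each CVE id in its bullet's summary line, for example "* Fixed a XSS issue in json_dumps (CVE-2014-3994).", so that someone searching NEWS for the identifier lands on the summary instead of the tail of the paragraph.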
