-
-
Notifications
You must be signed in to change notification settings - Fork 1.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix several security issues in 4.2 (#929)
* OF-1417 CVE-2017-15911 Fix XSS issues in host setup * OF-1329 Prevent session fixation attack * OF-1403 Escape group name in MUC admin * OF-1393 Make randomString more random * OF-1400 Escape servername field * OF-1401 Validate SMS host and escape error message
- Loading branch information
Showing
10 changed files
with
54 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
2 comments
on commit 7ff1f73
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good point. I was thinking that it'd be inclusive, but it probably isn't. I'll fix.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I already committed a fix.
…On 25 November 2017 at 12:24, Dave Cridland ***@***.***> wrote:
Good point. I was thinking that it'd be inclusive, but it probably isn't.
I'll fix.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<7ff1f73#commitcomment-25840176>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AEDoygWtfjx8wkEC_FnHOzWqjrRbvraIks5s5_j9gaJpZM4QqWp8>
.
The
- 1shouldn't be necessary, or in other words: Why don't you like the capital letter 'Z'? ;)