Following on the security release 2.2.2, Patrick found a similar vulnerability
but at another location in the code.
So here is another security release: 2.3.4
Here is the changelog:
* Wed Jul 27 2016 Pierre-Yves Chibon <pingou(a)pingoured.fr> - 2.3.4-1
- Update to 2.3.4
- Security fix release blocking all html related mimetype when displaying the
raw files in issues and forces the browser to download them instead (Thanks to
Patrick Uiterwijk for finding this issue) - CVE: CVE-2016-1000037
This is happily running in stg and prod.
Show replies by date