Today we have released security updates for Koji to address CVE-2024-9427, an XSS vulnerability in the Koji web UI. These updates cover Koji releases from the past year. They are:
1.35.1, 1.34.3, 1.33.2
You can download these and other releases at https://pagure.io/koji/releases
While we do not believe that this vulnerability can be used to submit an action or make a change in Koji, it is still a serious issue and we recommend applying this update promptly.
For further information see:
https://docs.pagure.org/koji/CVEs/CVE-2024-9427/
https://pagure.io/koji/issue/4204
Many thanks to all those that helped find and address this issue!
koji-devel@lists.fedorahosted.org