Hi all, Following on the security release 2.2.2, Patrick found a similar vulnerability but at another location in the code. So here is another security release: 2.3.4 Here is the changelog: * Wed Jul 27 2016 Pierre-Yves Chibon <pingou@xxxxxxxxxxxx> - 2.3.4-1 - Update to 2.3.4 - Security fix release blocking all html related mimetype when displaying the raw files in issues and forces the browser to download them instead (Thanks to Patrick Uiterwijk for finding this issue) - CVE: CVE-2016-1000037 This is happily running in stg and prod. Happy hacking! Pierre
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ infrastructure mailing list infrastructure@xxxxxxxxxxxxxxxxxxxxxxx https://lists.fedoraproject.org/admin/lists/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
