loggerhead

loggerhead 1.18.1

Series 1.18
1.18.1

Milestone information

Project:: loggerhead

Series:: 1.18

Version:: 1.18.1

Released:: 2011-03-24

Registrant:: William Grant

Release registered:: 2011-03-24

Active:: No. Drivers cannot target bugs and blueprints to this milestone.

Download RDF metadata

Activities

Assigned to you:: No blueprints or bugs assigned to you.

Assignees:: 1 William Grant

Blueprints:: No blueprints are targeted to this milestone.

Bugs:: 1 Fix Released

Download files for this release

After you've downloaded a file, you can verify its authenticity using its MD5 sum or signature. (How do I verify a download?)

File	Description	Downloads
loggerhead-1.18.1.tar.gz (md5, sig)	Loggerhead 1.18.1	3,007 last downloaded 2 days ago
Total downloads:		3,007

Release notes

Loggerhead 1.18.1 brings security and stability fixes. Filenames are now correctly escaped in revision views, removing a cross-site scripting vector (CVE-2011-0728). A crash in start-loggerhead when log rotation was enabled has also been fixed.

Changelog

View the full changelog

- Fix escaping of filenames in revision views.
(William Grant, #740142)

    - Add missing import to loggerhead.trace, allowing start-loggerhead
      to run when a log.roll config option is set.
      (Max Kanat-Alexander, #673999)

0 blueprints and 1 bug targeted

Bug report				Importance	Assignee	Status
740142	#740142	persistent xss vector in (unescaped) filenames in revision views		2 Critical	William Grant	10 Fix Released

Related milestones and releases

This milestone contains Public information

Everyone can see this information.