34 lines
934 B
ReStructuredText
34 lines
934 B
ReStructuredText
|
|
Koji 1.35.1 Release notes
|
|
=========================
|
|
|
|
All changes can be found in `the roadmap <https://pagure.io/koji/roadmap/1.35.1/>`_.
|
|
Most important changes are listed here.
|
|
|
|
|
|
Migrating from Koji 1.35.0
|
|
--------------------------
|
|
|
|
No special actions are needed.
|
|
|
|
|
|
Security Fixes
|
|
--------------
|
|
|
|
**web: XSS vulnerability**
|
|
|
|
| CVE: :doc:`../CVEs/CVE-2024-9427`
|
|
| Issue: https://pagure.io/koji/issue/4204
|
|
|
|
An unsanitized input allows for an XSS attack. Javascript code from a malicious
|
|
link could be reflected in the resulting web page. At present, we do not
|
|
believe that this can be used to submit an action or make a change in Koji due
|
|
to existing XSS protections in the code. Even so, this is a serious issue and
|
|
we recommend applying this update promptly.
|
|
|
|
|
|
Other Changes
|
|
-------------
|
|
|
|
There are no other significant changes in this release.
|
|
All changes can be found in `the roadmap <https://pagure.io/koji/roadmap/1.35.1/>`_.
|