[Erp5-dev] PortalTransform-1.4.0 contains Cross-site scripting (XSS) security issue
Kazuhiko Shiozaki
kazuhiko at nexedi.com
Wed Mar 18 12:03:00 CET 2009
Hi Boris,
Boris Kocherov wrote:
> PortalTransform-1.4.0 contains XSS issue.
> PortalTransform-1.5.5 does not contain it issue.
> PortalTransform-1.5.5 is available at
> http://plone.org/products/archetypes/releases/1.4.6 .
>
> What do you think about using PortalTransform-1.5.5 instead.
> It depends of MimetypesRegistry-1.5.0 and demands updating erp5_core
> (Paths:portal_transforms/** Tools: mimetypes_registry).
I backported several fixes between 1.4.0 and 1.5.5 to our
PortalTransform repository.
http://svn.erp5.org/?view=rev&revision=25842
And there is no need to update MimetypesRegistry.
Could you please have a look?
Thanks in advance,
Kazuhiko
More information about the Erp5-dev
mailing list