[FIXED SECURITY-17] XSS in Winstone

c0111367 · Kohsuke Kawaguchi · 08717c12 · c0111367 · c0111367
隐藏空白更改
内联并排

Showing with 4 addition and 1 deletion

changelog.html changelog.html +3 -0

war/pom.xml war/pom.xml +1 -1

未找到文件。
--- a/changelog.html
+++ b/changelog.html
@@ -63,6 +63,9 @@ Upcoming changes</a>
 <div id="rc" style="display:none;"><!--=BEGIN=-->
 <h3><a name=v1.438>What's new in 1.438</a> <!--=DATE=--></h3>
 <ul class=image>
+  <li class='major bug'>
+    Fixed XSS vulnerability with the built-in servlet container.
+    (SECURITY-17)
  <li class=bug>
  Repeated ids, expandTextArea() and multiple "Invoke Ant" build steps.
  (<a href="https://issues.jenkins-ci.org/browse/JENKINS-10989">issue 10989</a>)

--- a/war/pom.xml
+++ b/war/pom.xml
@@ -99,7 +99,7 @@ THE SOFTWARE.
      -->
      <groupId>org.jenkins-ci</groupId>
      <artifactId>winstone</artifactId>
-      <version>0.9.10-jenkins-28</version>
+      <version>0.9.10-jenkins-29</version>
      <scope>test</scope>
    </dependency>
    <dependency>