diff options
| author | Ian Bicking <ianb@colorstudy.com> | 2010-06-15 12:30:05 -0500 |
|---|---|---|
| committer | Ian Bicking <ianb@colorstudy.com> | 2010-06-15 12:30:05 -0500 |
| commit | bde24c75563bee1f86eec96ec2bd9adac5b71e29 (patch) | |
| tree | f9218976db1cfeccafb04a91fa75864aa2b7de2e /docs | |
| parent | 15e51654e469e87a6974e46969e8ec1295937f96 (diff) | |
| download | paste-bde24c75563bee1f86eec96ec2bd9adac5b71e29.tar.gz | |
Fix XSS attacks as reported by Tim Wintle
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/news.txt | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/docs/news.txt b/docs/news.txt index 7ff0529..3168815 100644 --- a/docs/news.txt +++ b/docs/news.txt @@ -3,6 +3,15 @@ News .. contents:: +1.7.4 +----- + +* Fix XSS bug (security issue) with not found handlers for + :class:`paste.urlparser.StaticURLParser` and + :class:`paste.urlmap.URLMap`. If you ask for a path with + ``/--><script>...`` that will be inserted in the error page and can + execute Javascript. Reported by Tim Wintle. + 1.7.3.1 ------- |