From bde24c75563bee1f86eec96ec2bd9adac5b71e29 Mon Sep 17 00:00:00 2001
From: Ian Bicking <ianb@colorstudy.com>
Date: Tue, 15 Jun 2010 12:30:05 -0500
Subject: Fix XSS attacks as reported by Tim Wintle

---
 docs/news.txt | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'docs')

diff --git a/docs/news.txt b/docs/news.txt
index 7ff0529..3168815 100644
--- a/docs/news.txt
+++ b/docs/news.txt
@@ -3,6 +3,15 @@ News
 
 .. contents::
 
+1.7.4
+-----
+
+* Fix XSS bug (security issue) with not found handlers for
+  :class:`paste.urlparser.StaticURLParser` and
+  :class:`paste.urlmap.URLMap`.  If you ask for a path with
+  ``/--><script>...`` that will be inserted in the error page and can
+  execute Javascript.  Reported by Tim Wintle.
+
 1.7.3.1
 -------
 
-- 
cgit v1.2.1