Ubuntu
jenkins-winstone package

lp:~james-page/ubuntu/oneiric/jenkins-winstone/fix-xss

  1. Oneiric (11.10)
  2. fix-xss
Created by James Page and last modified
Get this branch:
bzr branch lp:~james-page/ubuntu/oneiric/jenkins-winstone/fix-xss
Only James Page can upload to this branch. If you are James Page please log in for upload directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
James Page
Status:
Development

Recent revisions

5. By James Page

SECURITY UPDATE: XSS vulnerability in default error pages (LP: #889181).

4. By James Page

* SECURITY UPDATE: XSS vulnerability in default error pages.
  - debian/patches/fix_xss.patch: escape error messages which are supposed
    be plain text and not markup in
    src/java/winstone/ErrorServlet.java,
    src/java/winstone/URIUtil.java,
    src/java/winstone/WinstoneResponse.java
  - http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2011-11-08.cb
* d/maven.{properties,ignoreRules}: Disabled testing as htmlunit is
  currently broken in 11.10.

3. By James Page

* Support offline validation of XML configuration files (LP: #827651):
  - debian/patches/specification-resources.patch: CDDL/GPL-2 licensed
    xsd+DTD resources for all servlet, jsp and j2ee specifications.
  - debian/copyright: documented copyright + license for
    specification-resources.patch.
  - debian/control: Removed dependency on libservlet2.5-java, no longer
    required.
  - debian/patches/series,debian/patches/use_system_servletapi.patch:
    Dropped patch as no longer required.
  - debian/libjenkins-winstone-java.classpath: Dropped as all required
    resources are now included in winstone.

2. By James Page

Initial release

1. By James Page

Import upstream version 0.9.10-jenkins-25+dfsg

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/precise/jenkins-winstone
This branch contains Public information 
Everyone can see this information.

Subscribers