lp:~james-page/ubuntu/oneiric/jenkins-winstone/fix-xss
- Get this branch:
- bzr branch lp:~james-page/ubuntu/oneiric/jenkins-winstone/fix-xss
Branch merges
Related bugs
Related blueprints
Branch information
- Owner:
- James Page
- Status:
- Development
Recent revisions
- 4. By James Page
-
* SECURITY UPDATE: XSS vulnerability in default error pages.
- debian/patches/ fix_xss. patch: escape error messages which are supposed
be plain text and not markup in
src/java/winstone/ ErrorServlet. java,
src/java/winstone/ URIUtil. java,
src/java/winstone/ WinstoneRespons e.java
- http://www.cloudbees. com/jenkins- advisory/ jenkins- security- advisory- 2011-11- 08.cb
* d/maven.{properties, ignoreRules} : Disabled testing as htmlunit is
currently broken in 11.10. - 3. By James Page
-
* Support offline validation of XML configuration files (LP: #827651):
- debian/patches/ specification- resources. patch: CDDL/GPL-2 licensed
xsd+DTD resources for all servlet, jsp and j2ee specifications.
- debian/copyright: documented copyright + license for
specification-resources. patch.
- debian/control: Removed dependency on libservlet2.5-java, no longer
required.
- debian/patches/ series, debian/ patches/ use_system_ servletapi. patch:
Dropped patch as no longer required.
- debian/libjenkins- winstone- java.classpath: Dropped as all required
resources are now included in winstone.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/jenkins-winstone