author | Build Agent <build@vaadin.com> | 2014-02-13 13:17:58 +0200 |
---|---|---|
committer | Build Agent <build@vaadin.com> | 2014-02-13 13:17:58 +0200 |
commit | 3f07fb247e87deb19bef0f07004161c60443c829 (patch) | |
tree | cb1c82b171514a75d637e9a1190a20a4b945f6e7 /WebContent | |
parent | 6f5b334247e024143b82c1c9e0c84b41d9bd2abb (diff) | |
parent | ef208a686c9b32a66d317ceaf571a1b0387625bb (diff) | |
download | vaadin-framework-3f07fb247e87deb19bef0f07004161c60443c829.tar.gz vaadin-framework-3f07fb247e87deb19bef0f07004161c60443c829.zip |
Merge changes from origin/7.1
98aff2b Fix caption lost issue related to focus changing (#12967)
af96612 Test using Tomcat 7 behind Apache proxy (#13302)
ad49fe3 Test using Wildfly 8 (currently CR1) (#13167)
6d8b9e5 Servlet test for push with default parameters (#13299)
d88e409 Added proper escaping to OptionGroup item icon URLs (#13310)
e680b8f Changed getAbsoluteUrl to use the correct escaping method (#13311)
fe6ea57 Release notes updated to describe #13310 #13311
ef208a6 Javadoc formatting fixup
Change-Id: I9cedc16c69b25cc89dd4e4a6812d29019e6e0e0a
Diffstat (limited to 'WebContent')
-rw-r--r-- | WebContent/release-notes.html | 40 |
1 files changed, 39 insertions, 1 deletions
diff --git a/WebContent/release-notes.html b/WebContent/release-notes.html index a11e526c3f..c7e7558e6a 100644 --- a/WebContent/release-notes.html +++ b/WebContent/release-notes.html @@ -41,6 +41,7 @@ <ul> <li><a href="#overview">Overview of Vaadin @version@ Release</a></li> + <li><a href="#security-fixes">Security fixes</a></li> <li><a href="#changelog">Change log for Vaadin @version@</a></li> <li><a href="#enhancements">Enhancements in Vaadin 
@@ -75,7 +76,44 @@ href="http://vaadin.com/download/release/@version-minor@/@version-minor@.0/release-notes.html">Release Notes for Vaadin @version-minor@.0</a>. </p> - + + <!-- ================================================================ --> + <h3 id="security-fixes">Security fixes in Vaadin Framework 7.1.11</h3> + + <p> + Vaadin 7.1.11 fixes two security issues discovered during internal review. + </p> + <p><b>Escaping of OptionGroup item icon URLs</b></p> + <p> + The issue affects OptionGroup with item icons. Proper escaping of the + src-attribute on the client side was not ensured when using icons for + OptionGroup items. This could potentially, in certain situations, allow + a malicious user to inject content, such as javascript, in order to + perform a cross-site scripting (XSS) attack. + </p> + <p> + In order for an application to be vulnerable, user provided input must + be used to form a URL used to display an icon for an OptionGroup item, + when showing that Option Group to other users.<br/> + The vulnerability has been classified as moderate, due to it's limited + application. + </p> + <p><b>Escaping of URLs in Util.getAbsoluteUrl()</b></p> + <p> + The client side Util.getAbsoluteUrl() did not ensure proper escaping + of the given URL. This could potentially, in certain situations, allow + a malicious user to inject content, such as javascript, in order to + perform a cross-site scripting (XSS) attack. + </p> + <p> + The method is used internally by the framework in such a manner that it + is unlikely this attack vector can be utilized in practice. However, + third party components, or future use of the method, could make an + attack viable.<br/> + The vulnerability has been classified as moderate, due to it's limited + application. + </p> + <h3 id="changelog">Change log for Vaadin @version@</h3> <p>This release includes the following closed issues:</p> |
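Review bot: in the second hunk, both closing sentences "The vulnerability has been classified as moderate, due to it's limited application." use the contraction where the possessive is meant; suggest `due to its limited application`. In the same hunk, "when showing that Option Group to other users" should use the class name `OptionGroup` as the rest of the paragraph and the change log entries (#13310) do. The new heading hard-codes `Vaadin Framework 7.1.11` while the surrounding file uses the `@version@` / `@version-minor@` placeholders; if the literal version is intentional so the note stays correct when this branch is merged forward (as this merge commit does), a short HTML comment saying so next to the heading would prevent someone "fixing" it later. Finally, neither issue description links to a tracker entry or advisory; if one exists for #13310 and #13311, consider adding the link so readers can find the affected versions and the fix.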