Sustaining security fixes 3

Hello all,

We just released a change for security vulnerabilities for a number of files. See the email attachments for a patch for the master branch and for open-release/juniper.master.

Without this patch, it is possible that a lot of files might be vulnerable to cross-site scripting (XSS).

This security patch uses code that escapes these vulnerabilities and fixes the XSS issues for these files.

We advise you to patch your instances as soon as possible. The fix has been made public and merged into the respective branches.

If you have any questions, feel free to reach out to me.

Thanks,
Ali Akbar, edX Sustaining

juniper-sustaining-security-fixes-3.patch (8.5 KB)

Hello @Ali_Akbar and thank you for the announcement.
Could you make clear which versions are in danger and should be patched up?
Is ironwood.master safe, or do we have to apply this patch on it, either completely or partially?

Hello!
All of the named releases have these security vulnerabilities and they must be patched manually to avoid such cross-site scripting (XSS) attacks.
You should completely apply the patch on the respective branch, i.e. ironwood.master. In case of conflicts, if any, you can ask me for help.

Thanks,
Ali Akbar, edX Sustaining

Our patches are supplied for master, and the latest named release (Juniper now). Ironwood may have these vulnerabilities, and the patches might apply cleanly, but we have not checked that they do.
