Apache Allura 1.8.1 released
Apache Allura 1.8.1 has been released. It contains a several improvements around spam prevention and content quality on discussions. It also includes a few performance optimizations, along with a number of fixes and smaller improvements. To see all the details, check out the release changelog.
Important Security Fix
CVE-2018-1319 Apache Allura HTTP response splitting
Versions Affected: All
Attackers may craft URLs that cause HTTP response splitting. If a victim goes to a maliciously crafted URL, unwanted results may occur including XSS or service denial for the victim's browsing session.
Users of Allura should upgrade to Allura 1.8.1 immediately.
This issue was discovered by Everardo Padilla Saca