Apache Allura 1.8.1 released
Tagged: release
New Features
Apache Allura 1.8.1 has been released. It contains a several improvements around spam prevention and content quality on discussions. It also includes a few performance optimizations, along with a number of fixes and smaller improvements. To see all the details, check out the release changelog.
Important Security Fix
CVE-2018-1319 Apache Allura HTTP response splitting
Severity: Important
Versions Affected: All
Description:
Attackers may craft URLs that cause HTTP response splitting. If a victim goes
to a maliciously crafted URL, unwanted results may occur including XSS or
service denial for the victim's browsing session.
Mitigation:
Users of Allura should upgrade to Allura 1.8.1 immediately.
Credit:
This issue was discovered by Everardo Padilla Saca
Get 1.8.1
Download Allura and install it today.