Apache Allura 1.11.0 released

New Features

Apache Allura 1.11.0 has been released, with new features including:

  • Reaction support for comments:

Reaction screenshot

  • Option to subscribe to forums and other types of threads, when posting

Subscribe when posting screenshot

  • @username mentions in markdown editor

Username mentioning screenshot

  • Optional HaveIBeenPwned checks for password changes

Important Security Fix

CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Severity: Important
Versions Affected: 1.10.0 and earlier

A vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Users of Allura should upgrade to Allura 1.11.0 immediately.

This issue was discovered by Bob "Wombat" Hogg

There are many smaller improvements and fixes as well. To see all the details and upgrade instructions, check out the release changelog.

Get 1.11.0

Download Allura and install it today.