Apache Allura™

New Features

Apache Allura 1.11.0 has been released, with new features including:

• Reaction support for comments:

• Option to subscribe to forums and other types of threads, when posting

• @username mentions in markdown editor

• Optional HaveIBeenPwned checks for password changes

Important Security Fix

CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Severity: Important
Versions Affected: 1.10.0 and earlier

Description:
A vulnerability exists for stored XSS on the user dropdown selector when creating or editing tickets. The XSS executes when a user engages with that dropdown on that page.

Mitigation:
Users of Allura should upgrade to Allura 1.11.0 immediately.

Credit:
This issue was discovered by Bob "Wombat" Hogg

There are many smaller improvements and fixes as well. To see all the details and upgrade instructions, check out the release changelog.

Get 1.11.0

Download Allura and install it today.