Hi all,
Following on the security release 2.2.2, Patrick found a similar vulnerability but at another location in the code. So here is another security release: 2.3.4
Here is the changelog: * Wed Jul 27 2016 Pierre-Yves Chibon pingou@pingoured.fr - 2.3.4-1 - Update to 2.3.4 - Security fix release blocking all html related mimetype when displaying the raw files in issues and forces the browser to download them instead (Thanks to Patrick Uiterwijk for finding this issue) - CVE: CVE-2016-1000037
This is happily running in stg and prod.
Happy hacking! Pierre
infrastructure@lists.fedoraproject.org