Datafile description field vulnerability fix

GlobalDataverseCommunityConsortium / dataverse-previewers

A collection of Datafile Previewers that can be configured to work with Dataverse

MIT License

13 stars 38 forks source link

Datafile description field vulnerability fix #54

Closed vesaakerman closed 3 years ago

vesaakerman commented 3 years ago

Sometime ago Dataverse made us aware of a security vulnerabilityrelated to Dataverse Previewers and the Datafile description field. GDCC has already deployed a fix for this vulnerability. But we are running a local copy of the previewers, downloaded from https://github.com/GlobalDataverseCommunityConsortium/dataverse-previewers/archive/1.1.zip.

Is there already a .zipfile containing the fix, and where is it to download?

qqmyers commented 3 years ago

You can always go to https://github.com/GlobalDataverseCommunityConsortium/dataverse-previewers and click the 'Code'/'Download Zip' item on the page - for the master branch or the develop branch if you want newer features. That said, I'll also go ahead and add a new release for the security fix. (Also planning a new release to include changes from the develop branch soon.) Thanks!

vesaakerman commented 3 years ago

Ok, thanks! I see that I can download the latest .zip from https://github.com/GlobalDataverseCommunityConsortium/dataverse-previewers/archive/master.zip

qqmyers commented 3 years ago

v1.1.1 release made