szquadri / javamelody

Automatically exported from code.google.com/p/javamelody
0 stars 0 forks source link

Cross-site scripting vulnerability in Javamelody #438

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi,

I'm from the Jenkins project, and one of our users have identified a XSS 
vulnerability in Javamelody. Please let me know where I should report the 
problem, as I obviously do not want to discuss the issue in details in a public 
place.

Original issue reported on code.google.com by kohsuke....@gmail.com on 26 Sep 2014 at 6:46

GoogleCodeExporter commented 9 years ago
Hi Kohsuke,
Please send an email to evernat at free.fr

I'm the author of the Jenkins monitoring plugin [1] and of javamelody as you 
can see here [2].

[1] https://wiki.jenkins-ci.org/display/JENKINS/Monitoring
[2] https://code.google.com/p/javamelody/

Original comment by evernat@free.fr on 26 Sep 2014 at 7:08

GoogleCodeExporter commented 9 years ago

Original comment by evernat@free.fr on 2 Oct 2014 at 9:04

GoogleCodeExporter commented 9 years ago
This is fixed in version 1.53.0, available now.

Original comment by evernat@free.fr on 2 Oct 2014 at 9:06