This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.
The remote Fedora host is missing one or more security updates.
As with all ReviewBoard updates, you will need to run 'rb-site upgrade
/path/to/site' for all installed sites after applying this update.
== Action Required ==
The default Apache configuration is now more strict with how it serves
up file attachments. This does not apply to existing installations.
ng-file-attachments for details.
== Description ==
- New upstream release 1.7.12
- Security Fixes :
- Function names in diff headers are no longer rendered
- If a user's full name contained HTML, the Submitters
list would render it as HTML, without escaping it.
This was an XSS vulnerability.
- The default Apache configuration is now more strict
with how it serves up file attachments. This does not
apply to existing installations. See
es/110173-securing-file-attachments for details.
- Uploaded files are now renamed to include a hash,
preventing users from uploading malicious filenames,
and making filenames unguessable.
- Recaptcha support has been updated to use the new URLs
provided by Google.
- New Features :
- Added a X-ReviewRequest-Repository header for e-mails.
- Extension Improvements :
- Extensions can now specify their list of app
- Extensions can now specify the author's URL.
- Improved the look and feel for extension
- Improved the functionality for extension
- Improved the list of available extensions.
- Bug Fixes :
- Fixed the 'Show Whitespace Changes' toggle.
- Fixed compatibility with modern versions of
- Draft comments on file attachments are no longer shown
to all users.
- Fixed issues with console windows appearing when
invoking Clear Case requests on Python 2.7.x and
- Review requests on Local Sites are now guaranteed to
have the proper ID.
- Fixed starring review requests on Local Sites.
Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
See also :
Update the affected ReviewBoard and / or python-djblets packages.
Risk factor :
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now