[Bug 2847] Use HTML escape in templates where appropriate
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=2847 --- Comment #6 from Chris Nighswonger <cnighswonger@foundations.edu> 2011-11-23 13:07:05 UTC --- (In reply to comment #5)
is it just a problem on 3.4 ? it's OK for 3.6 ? In this case, I think we can stay without this fix in 3.4 : it's a security issue, I agree, but: * it's staff related, so, to exploit such a bug, one would first need to have a valid login, so, the risk is low according to me.
IMHO any security issue should be backported into any currently maintained branch.
* 3.4 EOL is probably close
Not as close as we might imagine. As long as commits will apply, I plan on keeping 3.4.x alive until we reach a year from 3.6.x release. -- Configure bugmail: http://bugs.koha-community.org/bugzilla3/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching all bug changes.
participants (1)
-
bugzilla-daemon@bugs.koha-community.org