[Bug 37727] CVE-2024-24337 - Fix CSV formula injection - client side (DataTables)
3 Jun
2025
3 Jun
'25
1:58 a.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=37727 --- Comment #25 from David Cook <dcook@prosentient.com.au> --- (In reply to Emmi Takkinen from comment #24)
This fix has caused a new problem with exporting, see bug 40015.
Now we should upgrade to the last version of DataTables and remove this from Koha I guess...
It's fixed there.
So if we update datatables and drop this, would bug 40015 be resolved with that?
Doesn't look like it. The version in dataTables buttons 3.2.0 is the same thing: https://github.com/DataTables/Buttons/blob/master/js/dataTables.buttons.js#L... Looks like more thinking will need to be put into this... -- You are receiving this mail because: You are watching all bug changes.
407
Age (days ago)
407
Last active (days ago)
0 comments
1 participants
participants (1)
-
bugzilla-daemon@bugs.koha-community.org