[Koha-bugs] [Bug 2847] Use HTML escape in templates where appropriate
bugzilla-daemon at bugs.koha-community.org
Wed Nov 23 14:07:05 CET 2011
http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=2847
--- Comment #6 from Chris Nighswonger <cnighswonger at foundations.edu> 2011-11-23 13:07:05 UTC ---
(In reply to comment #5)
> Is it just a problem on 3.4? It's OK for 3.6?
> In this case, I think we can stay without this fix in 3.4: it's a security
> issue, I agree, but:
> * it's staff related, so, to exploit such a bug, one would first need to have a
> valid login, so, the risk is low according to me.
IMHO any security issue should be backported into any currently maintained
branch.
> * 3.4 EOL is probably close
Not as close as we might imagine. As long as commits will apply, I plan on
keeping 3.4.x alive until we reach a year from 3.6.x release.