Jump to >

Djblets 0.7.30 Release Notes

Release date: June 6, 2014


  • Fixed a XSS issue in the gravatars code.

    Users could construct a name that would allow for injecting JavaScript in the page. That name is now properly escaped.

    This is CVE-2014-3995.

  • Fixed a XSS issue in json_dumps.()

    JSON payloads constructed based on user input and then injected into a page could result in custom JavaScript being injected into the page. Additional escaping is now performed to ensure this does not happen.

    This is CVE-2014-3994 (discovered by “uchida”, Bug #3406).


  • Christian Hammond
  • David Trowbridge
  • Uchida