Mahara

Update to HTMLPurifier 4.6.0

Bug #1266976 reported by Aaron Wells on 2014-01-08

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Mahara	Fix Released	High	Robert Lyon	Mahara 1.9.0
	1.6	Fix Released	High	Unassigned	Mahara 1.6.9
	1.7	Fix Released	High	Unassigned	Mahara 1.7.5
	1.8	Fix Released	High	Unassigned	Mahara 1.8.2

Bug Description

HTMLPurifier 4.6.0 came out in November 30, and it's a security release. So, we should update our version to that, and since it's a security release we should also backport it to 1.6, 1.7, and 1.8.

http://htmlpurifier.org/news/

Tags:

CVE References

2013-7414

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14: A patch has been submitted for review

#1

Patch for "master" branch: https://reviews.mahara.org/2909

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14: A change has been merged

#2

Reviewed: https://reviews.mahara.org/2909
Committed: http://gitorious.org/mahara/mahara/commit/b1211089e661ce6f9b7de8aade0e86a7dbeaa136
Submitter: Aaron Wells (<email address hidden>)
Branch: master

commit b1211089e661ce6f9b7de8aade0e86a7dbeaa136
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14: A patch has been submitted for review

#3

Patch for "1.8_STABLE" branch: https://reviews.mahara.org/2924

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14:

#4

Patch for "1.7_STABLE" branch: https://reviews.mahara.org/2925

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14:

#5

Patch for "1.6_STABLE" branch: https://reviews.mahara.org/2926

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14: A change has been merged

#6

Reviewed: https://reviews.mahara.org/2924
Committed: http://gitorious.org/mahara/mahara/commit/67d9f6066bef9b7f294694820691c769ee9bbaff
Submitter: Aaron Wells (<email address hidden>)
Branch: 1.8_STABLE

commit 67d9f6066bef9b7f294694820691c769ee9bbaff
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14:

#7

Reviewed: https://reviews.mahara.org/2925
Committed: http://gitorious.org/mahara/mahara/commit/130c441ac9a50ad251dd08912e71e27c07781da3
Submitter: Aaron Wells (<email address hidden>)
Branch: 1.7_STABLE

commit 130c441ac9a50ad251dd08912e71e27c07781da3
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Revision history for this message

Mahara Bot (dev-mahara) wrote on 2014-01-14:

#8

Reviewed: https://reviews.mahara.org/2926
Committed: http://gitorious.org/mahara/mahara/commit/9ad29e96607b671b7c4a51fc7e5cef826e130635
Submitter: Aaron Wells (<email address hidden>)
Branch: 1.6_STABLE

commit 9ad29e96607b671b7c4a51fc7e5cef826e130635
Author: Robert Lyon <email address hidden>
Date: Tue Jan 14 16:00:09 2014 +1300

Updating HTMLPurifier to version 4.6.0 (Bug #1266976)

Change-Id: I1a6145ca25ecde56c83f2540d04874e973e926f6
Signed-off-by: Robert Lyon <email address hidden>

Aaron Wells (u-aaronw) on 2014-04-03

no longer affects:

mahara/1.9

Robert Lyon (robertl-9) on 2014-04-22

Changed in mahara:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers