XSS attack on kojiweb
We are releasing updates for affected versions of Koji from within the past year. The following releases all contain the fix:
Anyone using a Koji version older than a year should update to a more current version as soon as possible.
For users who have customized their Koji code, we recommend rebasing your work onto the appropriate update release. Please see Koji issue #2645 for the code details.
As with all changes to web code, you must restart httpd for the changes to take effect.