XSS attack on kojiweb
We are releasing updates for affected versions of Koji from within the past year. The following releases all contain the fix:
Anyone using a Koji version older than a year should update to a more current version as soon as possible.
For users who have customized their Koji code, we recommend rebasing your work onto the appropriate update release. Please see Koji issue #2645 for the code details.
As with all changes to web code, you must restart httpd for the changes to take effect.
Fixed versions can be found at our releases page: