Koji 1.34.3 Release notes

This is a security update to backport the fix for CVE-2024-9427 to Koji 1.34.

Migrating from Koji 1.34.x

No special actions are needed to migrate from earlier 1.34 point releases.

Security Fixes

web: XSS vulnerability

An unsanitized input allows for an XSS attack. JavaScript code from a malicious link could be reflected in the resulting web page. At present, we do not believe that this can be used to submit an action or make a change in Koji due to existing XSS protections in the code. Even so, this is a serious issue and we recommend applying this update promptly.

Other Changes

There are no other significant changes in this release. All changes can be found in the roadmap.