1732595 – Current novnc version has XSS vulnerability

Bug 1732595 - Current novnc version has XSS vulnerability

Summary: Current novnc version has XSS vulnerability

Keywords:
Status:	NEW
Alias:	None
Product:	RDO
Classification:	Community
Component:	novnc
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Target Release:	trunk
Assignee:	Lee Yarwood
QA Contact:	Shai Revivo
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2019-07-23 20:23 UTC by Jim Rollenhagen
Modified:	2019-08-08 08:39 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Dependent Products:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Jim Rollenhagen 2019-07-23 20:23:20 UTC

Description of problem:
Currently, the Rocky and Stein (and presumably earlier) versions of the RDO repositories package novnc 0.5.1. Per [0], novnc 0.6.2 fixes an XSS vulnerability. Could we please package a newer version without this vulnerability? Thanks!

[0] https://github.com/novnc/noVNC/issues/748
[1] https://bugs.launchpad.net/horizon/+bug/1656435

Note You need to log in before you can comment on or make changes to this bug.