RDO tickets are now tracked in Jira https://issues.redhat.com/projects/RDO/issues/
Bug 1732595 - Current novnc version has XSS vulnerability
Summary: Current novnc version has XSS vulnerability
Keywords:
Status: NEW
Alias: None
Product: RDO
Classification: Community
Component: novnc
Version: unspecified
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: trunk
Assignee: Eoghan Glynn
QA Contact: Shai Revivo
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-07-23 20:23 UTC by Jim Rollenhagen
Modified: 2022-02-16 15:50 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)

Description Jim Rollenhagen 2019-07-23 20:23:20 UTC
Description of problem:
Currently, the Rocky and Stein (and presumably earlier) versions of the RDO repositories package novnc 0.5.1. Per [0], novnc 0.6.2 fixes an XSS vulnerability. Could we please package a newer version without this vulnerability? Thanks!

[0] https://github.com/novnc/noVNC/issues/748
[1] https://bugs.launchpad.net/horizon/+bug/1656435


Note You need to log in before you can comment on or make changes to this bug.