present deployed seems to be:
Postorius Documentation • GNU Mailman • Postorius Version 1.1.2
upstream has released up to 1.2.3
https://postorius.readthedocs.io/en/latest/news.html
Update to a later version, as there is a an 'across panels' leak of data when two mailing lists are open and an update occurs in one ... an async status message is displayed in all panels
no deadline -- nice to have
no expiration date
a cross site exploit seems to exist
to demonstrate unsubscribe from the following mailing lists
For usage: https://lists.fedorahosted.org/archives/list/firewalld-users@lists.fedorahosted.org/
For development: https://lists.fedorahosted.org/archives/list/firewalld-devel@lists.fedorahosted.org/
then close the browser to get a fresh cache state (I use Firefox latest in CentOS)
open two tabs
choose one and enter a subscription transaction
change to the other tab
(the XSS leak is in a green box up top, saying: Please check your inbox for further instructions )
it appears in both tabs
@abompard can you take a look here?
Metadata Update from @kevin: - Issue assigned to abompard - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: lists
found it -- mentioned the difficulty finding this issue at:
Archived-At: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/HSQ7RZ2VHVZT5FYPDBG7NTPLNUIAZ4AD/
Metadata Update from @smooge: - Issue assigned to smooge (was: abompard) - Issue marked as depending on: #8455
Metadata Update from @smooge: - Issue unmarked as depending on: #8455
we are going to focus on this in 8455.
Metadata Update from @smooge: - Issue close_status updated to: Duplicate - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.