[WG: Sakai QA] [cle-release-team] CLE Release Team Call, Thursday, October 27, 10am EDT

Beth Kirschner bkirschn at umich.edu
Wed Oct 26 11:40:44 PDT 2011


Two more items for tomorrow's agenda are the following two kernel patches from Steve Githens that have languished without resolution:

KERNEL https://jira.sakaiproject.org/browse/KNL-631
Dec 2010.  The WebDAV URLs offer the same exploit potentials as KNL-200, although the user would potentially need to authenticate again with basic auth (native browser popup).  Patch from Githens that checks if there is a user agent and whether or not it belongs to a class of browsers that load JavaScript, Flash, etc.; if true then redirect to /access/content which has security measures to deal with such things.
Not implemented, yet.  Has this fix been tested and implemented at IU?

KERNEL https://jira.sakaiproject.org/browse/KNL-640
Jan 2011.  Patch permitting the ability to host content hosting resources on a different domain. It is flagged as a security issue, because it exposes a hole still currently in production all over the place, and it is meant to mitigate XSS exploits.  In production at IU.  See Githens' email for more info:

- Beth

On Oct 26, 2011, at 12:03 PM, Sam Ottenhoff wrote:

> Hi all,
> 
> We're expecting a few additional people on the call tomorrow as we gear up for 2.9 QA and new build processes.  The floor will be open for topics in addition to QA, major 2.9 feature review, and current blockers.
> 
> --Sam
> 
> CONNECTION INFO
> 
> Telephone: +1 812 856 7060
> Polycom or Lifesize: 156.56.240.100##22X
> Tandberg or XMeeting: 22X at 156.56.240.100
> GDS E.164: 0011439X
> 
> Conference Code: 22348#
> PIN: 72524
> 
> CLE open blockers:
>   
>    https://jira.sakaiproject.org/secure/IssueNavigator.jspa?mode=hide&requestId=12708