Mercurial > hg > orthanc
comparison NEWS @ 5462:505416b269a0
Fix XSS in Orthanc error reporting (as reported by Sébastien Doria, Vumetric Cybersecurity)
| author | Alain Mazy <am@osimis.io> |
|---|---|
| date | Tue, 12 Dec 2023 10:13:49 +0100 |
| parents | 8345267e8de5 |
| children | 1dc6e4b7f5d8 |
comparison
equal
deleted
inserted
replaced
| 5461:67dc2567ea6f | 5462:505416b269a0 |
|---|---|
| 89 * Upgraded dependencies for static builds: | 89 * Upgraded dependencies for static builds: |
| 90 - boost 1.83.0 | 90 - boost 1.83.0 |
| 91 * Upgraded minizip library to stay away from CVE-2023-45853 although Orthanc is likely not affected since zip | 91 * Upgraded minizip library to stay away from CVE-2023-45853 although Orthanc is likely not affected since zip |
| 92 filenames are based on DICOM Tag values whose length is limited in size. | 92 filenames are based on DICOM Tag values whose length is limited in size. |
| 93 Great thanks to James Addison for notifying us about the vulnerability and patch to apply ! | 93 Great thanks to James Addison for notifying us about the vulnerability and patch to apply ! |
| 94 * Fix XSS in Orthanc error reporting (as reported by Sébastien Doria, Vumetric Cybersecurity) by: | |
| 95 - always including a 'Content-Type' header in HTTP responses with a body. | |
| 96 - always including 'X-Content-Type-Options: nosniff' | |
| 94 | 97 |
| 95 | 98 |
| 96 Version 1.12.1 (2023-07-04) | 99 Version 1.12.1 (2023-07-04) |
| 97 =========================== | 100 =========================== |
| 98 | 101 |