comparison NEWS @ 5462:505416b269a0
Fix XSS in Orthanc error reporting (as reported by Sébastien Doria, Vumetric Cybersecurity)
author | Alain Mazy <am@osimis.io> |
---|---|
date | Tue, 12 Dec 2023 10:13:49 +0100 |
parents | 8345267e8de5 |
children | 1dc6e4b7f5d8 |
5461:67dc2567ea6f | 5462:505416b269a0 |
---|---|
89 * Upgraded dependencies for static builds: | 89 * Upgraded dependencies for static builds: |
90 - boost 1.83.0 | 90 - boost 1.83.0 |
91 * Upgraded minizip library to stay away from CVE-2023-45853 although Orthanc is likely not affected since zip | 91 * Upgraded minizip library to stay away from CVE-2023-45853 although Orthanc is likely not affected since zip |
92 filenames are based on DICOM Tag values whose length is limited in size. | 92 filenames are based on DICOM Tag values whose length is limited in size. |
93 Great thanks to James Addison for notifying us about the vulnerability and patch to apply ! | 93 Great thanks to James Addison for notifying us about the vulnerability and patch to apply ! |
94 * Fix XSS in Orthanc error reporting (as reported by Sébastien Doria, Vumetric Cybersecurity) by: | |
95 - always including a 'Content-Type' header in HTTP responses with a body. | |
96 - always including 'X-Content-Type-Options: nosniff' | |
94 | 97 |
95 | 98 |
96 Version 1.12.1 (2023-07-04) | 99 Version 1.12.1 (2023-07-04) |
97 =========================== | 100 =========================== |
98 | 101 |
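
Review bot: The new entry (lines 94-96) lists only the two response-header changes and does not say which Content-Type the error responses now carry, or whether the error body text itself is changed. Stating that would let an administrator judge whether the fix depends entirely on the browser honouring the declared type together with 'X-Content-Type-Options: nosniff'. Unlike the minizip entry just above, which cites CVE-2023-45853, this entry gives no identifier or affected-version range; add a reference if one exists, or say which releases are affected. Minor style point: the first sub-item ends with a period and the second does not.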