* djblets.datagrid:
  * Data pulled from the database and rendered into cells are always escaped now. Custom columns can still override this by providing their own rendering. This led to an XSS vulnerability.
something holding 0.7.16 back?
(In reply to Joakim Tjernlund from comment #1)
> something holding 0.7.16 back?

Not as far as I know, just waiting for the maintainer to bump.
like I said
(In reply to Ian Delaney from comment #3)
> like I said

?
Now that django 1.4.8 and 1.5.4 are in tree, can we have Djblets 0.7.16 and 0.7.17 too?
Created attachment 359434 [details] Initial Djblets-0.7.18 ebuild This is what I had to change from 0.7.15 to build 0.7.18: --- Djblets-0.7.15.ebuild 2013-06-24 17:31:12.000000000 +0200 +++ Djblets-0.7.18.ebuild 2013-09-25 17:37:03.850366096 +0200 @@ -16,7 +16,7 @@ KEYWORDS="~amd64 ~x86" IUSE="test" -RDEPEND=">=dev-python/django-1.4.5[${PYTHON_USEDEP}] +RDEPEND=">=dev-python/django-1.4.8[${PYTHON_USEDEP}] <dev-python/django-1.5[${PYTHON_USEDEP}] virtual/python-imaging[${PYTHON_USEDEP}] >=dev-python/django-pipeline-1.2.24[${PYTHON_USEDEP}] @@ -33,7 +33,6 @@ mkdir djblets/feedview/testdata || die cp "${FILESDIR}"/sample.rss djblets/feedview/testdata || die fi - epatch "${FILESDIR}"/exclude-tests.patch distutils-r1_python_prepare_all }
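Review bot: In the first hunk, the RDEPEND floor is raised to >=dev-python/django-1.4.8 with nothing in the ebuild saying why, and the following line still caps the dependency at <dev-python/django-1.5. A one-line comment above RDEPEND naming the reason for the new minimum would keep a later bump from relaxing it, and it is worth confirming that the <1.5 cap is still needed for 0.7.18, since the thread notes that Django 1.5.4 is in the tree as well.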
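Review bot: In the second hunk, the epatch "${FILESDIR}"/exclude-tests.patch call is removed before distutils-r1_python_prepare_all, while IUSE="test" and the sample.rss copy into djblets/feedview/testdata stay in place, so the tests that patch used to exclude will now run. Please confirm the test phase passes for 0.7.18 without it, and if no remaining ebuild version uses exclude-tests.patch, drop the file from FILESDIR in the same commit.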
Seems like this package has been left behind. Could some other Gentoo dev bump this package?
Vulnerable versions are no longer in the tree.