Actions
Bug #14271
closedJS in directive name is executed on rule table if the directive is disabled
Pull Request:
Severity:
Minor - inconvenience | misleading | easy workaround
UX impact:
User visibility:
Infrequent - complex configurations | third party integrations
Effort required:
Priority:
22
Name check:
Fix check:
Regression:
Description
We still have a problem similar to #14221, but not a security one, in the explication of why a rule is disable is the js is in directive name.
Updated by François ARMAND almost 6 years ago
- Status changed from New to In progress
Updated by François ARMAND almost 6 years ago
- Related to Bug #14221: we can inject html & javascript in Rudder tables added
Updated by François ARMAND almost 6 years ago
- Status changed from In progress to Pending technical review
- Assignee changed from François ARMAND to Nicolas CHARLES
- Pull Request set to https://github.com/Normation/rudder/pull/2131
Updated by François ARMAND almost 6 years ago
- Status changed from Pending technical review to Pending release
Applied in changeset rudder|d9f4664c010a9bbe59be829ef30b84a309ed2453.
Updated by François ARMAND almost 6 years ago
- Status changed from Pending release to Released
This bug has been fixed in Rudder 4.1.20, 4.3.10 and 5.0.6 which were released today.
Actions