Opened 11 years ago

Closed 11 years ago

Last modified 11 years ago

#770 closed defect (fixed)

New video.js (was: XSS vulnerability)

Reported by: Abandoned Owned by:
Priority: critical Milestone: 0.6.0
Component: programming Keywords:
Cc: Parent Tickets:


Attachments (1)

screenshot.png (26.3 KB ) - added by Abandoned 11 years ago.

Download all attachments as: .zip

Change History (6)

by Abandoned, 11 years ago

Attachment: screenshot.png added

comment:1 by Christopher Allan Webber, 11 years ago

You're right, argh. It looks like this has been addressed here:

We need to update our videojs code it looks like... trying now.

comment:2 by Christopher Allan Webber, 11 years ago

Well I updated the videojs code in MediaGoblin master, but then realized that this was for the SWF stuff only... we don't use that in MediaGoblin proper! It is used on the campaign page, but that site is a 100% static site, no logins or anything, so I think it's moot.

In the meanwhile I'll use this to track what to do about the mediagoblin master code changing. The code I pushed broke our existing videojs theming. But this does decrease the priority of pushing out a release.

comment:3 by Simon Fondrie-Teitler, 11 years ago

Component: infrastructureprogramming

comment:4 by Christopher Allan Webber, 11 years ago

Resolution: fixed
Status: newclosed

I think actually we're going to stick with the latest video.js, but there's no hurry to push out a new release anymore.

comment:5 by Christopher Allan Webber, 11 years ago

Milestone: 0.6.0
Summary: XSS vulnerabilityNew video.js (was: XSS vulnerability)
Note: See TracTickets for help on using tickets.