v2.4.7
object db9e22fda0d78366129e7749c40118ee052c1a6c
authorMarius Mathiesen <marius@gitorious.org>
Wed, 6 Feb 2013 08:29:26 +0000 (09:29 +0100)
Gitorious 2.4.7

This release fixes an issue where an attacker by sending a crafted XML payload to
the reset password function would be able to gain access to the accounts of users
who have recently requested a password reset.

All users are advised to upgrade immediately.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQEcBAABAgAGBQJREhRrAAoJEE38ZdArT3hkHU8IAJ11fUsm6AaE5Dk1IQT+Gph1
gsf5PAJrVAfhOwbvi38+sRw60UzVl+SEUKhUQHWMo4+i1rOg0kCEoM3L57OHbNP+
ZkZguHnlRax3JcQXtdvqPDpmSQOkLLWvro5p7ubB9+VbxR4hPHGKDtDARikL5DqX
hFf4Xp99qspnORqEOV44vx+tuFEmHbef1GWWqe/4HAkfK7sVKRttBj8YWAiIA9st
VNfOmkzbgOfDAUgnzijMW6WcBAvItVQ9Hl2vk58cFKYga1fF3eBuY7RqtNuehkjc
VWwzURf6wGy8tNnP6ID2jZMfzmaEM2v83uJrhjGOZfAHppmxWT1h8D+ZVflLXrw=
=yIme
-----END PGP SIGNATURE-----