Version 3.0.3¶
Released: August 17, 2018
Changes¶
Program code¶
Tags app: Add explicit post action redirect for the tag attach and tag remove actions when working on a single document.
Security¶
Tags app: Add explicit casting of escaped tag labels to prevent exploit of cross site scripting. Thanks to Lokesh (@lokesh1095) for the report and proposed solutions. Closes GitLab issue #496.
Removals¶
None
Upgrading from a previous version¶
Using PIP¶
Type in the console:
$ pip install mayan-edms==3.0.3
the requirements will also be updated automatically.
Using Git¶
If you installed Mayan EDMS by cloning the Git repository issue the commands:
$ git reset --hard HEAD
$ git pull
otherwise download the compressed archived and uncompress it overriding the existing installation.
Next upgrade/add the new requirements:
$ pip install --upgrade -r requirements.txt
Common steps¶
Migrate existing database schema with:
$ mayan-edms.py performupgrade
Add new static media:
$ mayan-edms.py collectstatic --noinput
The upgrade procedure is now complete.
Backward incompatible changes¶
None
Bugs fixed or issues closed¶
GitLab issue #496 Persistent Cross Site Scripting