Closed Bug 545327 Opened 11 years ago Closed 11 years ago
Local patch to AMO for public security vulnerability
Please apply this patch to AMO production to fix a publicly-disclosed security vulnerability with add-on installation:
https://bug544660.bugzilla.mozilla.org/attachment.cgi?id=425889
It's been tested by QA and the bug reporter.
This js is compressed and minified on production, so there's nothing to patch. We'll need to do a new build first.
I realized that patch wouldn't help in production JS, so Jeff is working on the patch to get the JS updated and uncached.
Severity: critical → major
I committed a new build as r62039. The important changes are in site/app/config/revisions.php and /site/app/webroot/js/amo2009/amo2009.min.js, but it won't hurt anything to update the other changed files.
Severity: major → critical
Here's the patch without any of the binary file changes.
Patched
[root@mradm02 addons.mozilla.org-remora]# patch -p0 < 545327.patch
patching file site/app/config/revisions.php
patching file site/app/webroot/css/amo2009/style.min.css
patching file site/app/webroot/js/amo2009/amo2009.min.js
and pushed live.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard