PyPi: Kiwitcms

CVE-2022-41323

Transitive

Safety vulnerability ID: 51780

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Oct 16, 2022 Updated at Nov 29, 2024
Scan your Python projects for vulnerabilities →

Advisory

Kiwitcms 11.6 updates its dependency 'Django' from 4.0.7 to 4.1.3 to include a security fix.

Affected package

kiwitcms

Latest version: 12.4

Test Case Management System

Affected versions

Fixed versions

Vulnerability changelog

- Sanitize HTML input when generating history diff to prevent XSS attacks


Improvements
~~~~~~~~~~~~

- Update django-extensions from 3.2.0 to 3.2.1
- Update jira from 3.4.0 to 3.4.1
- Update psycopg2 from 2.9.3 to 2.9.5
- Update pygithub from 1.55 to 1.57
- Update python-gitlab from 3.9.0 to 3.11.0
- Update tzdata from 2022.2 to 2022.6
- Container is now built on top of Red Hat Enteroprise Linux 9 and Python 3.9

.. warning::

There is high risk of breaking downstream containers. Pay attention to
bind-mounted settings files. Inspect downstream Dockerfile & docker-compose.yml
files !!!

- Unify some translation strings
- Document add-on issue tracker integrations
- Rename Properties to Parameters because "test case parameters" is
more widely used


Bug fixes
~~~~~~~~~

- ``JIRA.get_issue_type_from_jira()`` now accepts a second argument. Fixes
`Issue 2929 <https://github.com/kiwitcms/Kiwi/issues/2929>`_ (cmbahadir)
- Fix typo in documentation (Christian Clauss)
- Trim white-space after splitting parameter values. For example the inputs
'OS=Linux' and 'OS = Windows ' will result in
Key: 'OS', Values: ['Linux', 'Windows']


Refactoring and testing
~~~~~~~~~~~~~~~~~~~~~~~

- Update Fedora from 32 to 36 in /tests/bugzilla
- Remove Travis CI config b/c we don't use it anymore
- Add Coverity Scan as a GitHub action
- Don't scan devel dependencies with Coverity Scan
- Redirect to where we came from in case posting a comment results in invalid
form
- Configure Dependabot to update Docker containers and try tightening security
around docker containers used during testing
- Use npm audit fix to automatically update some Node.js dependecies
- Execute ``npm audit signatures`` when installing Node.js packages
- Start using ``find_namespace_packages()`` to resolve
'Package would be ignored' warnings from setuptools
- Add missing field in ``setup()`` to avoid a warning


Translations
~~~~~~~~~~~~

- Updated `Chinese Simplified translation <https://crowdin.com/project/kiwitcms/zh-CN#>`_
- Updated `Chinese Traditional translation <https://crowdin.com/project/kiwitcms/zh-TW#>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `German translation <https://crowdin.com/project/kiwitcms/de#>`_
- Updated `Slovak translation <https://crowdin.com/project/kiwitcms/sk#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_



Kiwi TCMS 11.5 (06 Sep 2022)
----------------------------

.. important::

This is a small release which contains several improvements, bug fixes
and new translations!

Supported upgrade paths::

5.3 (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1 -> 6.1
6.1 -> 6.1.1
6.1.1 -> 6.2 (or newer)

After upgrade don't forget to::

./manage.py upgrade


Improvements
~~~~~~~~~~~~

- Update jira from 3.3.1 to 3.4.0
- Update pygments from 2.12.0 to 2.13.0
- Update python-gitlab from 3.7.0 to 3.9.0
- Update tzdata from 2022.1 to 2022.2
- Add Product drop down field in Build admin page. Closes
`Issue 2818 <https://github.com/kiwitcms/Kiwi/issues/2818>`_
- Add 'prune' argument required for Django 4.1 compatibility
- Improve documentation around ``DEFAULT_GROUPS``
- Update docs about language preferences and add a Change language menu item. Closes
`Issue 2901 <https://github.com/kiwitcms/Kiwi/issues/2901>`_,
`Issue 2902 <https://github.com/kiwitcms/Kiwi/issues/2902>`_,
`Issue 2903 <https://github.com/kiwitcms/Kiwi/issues/2903>`_
- Performance improvement for Status matrix telemetry
- Performance improvement for Execution trends telemetry
- Display a spinner widget while telemetry data is still loading. Closes
`Issue 1801 <https://github.com/kiwitcms/Kiwi/issues/1801>`_


Bug fixes
~~~~~~~~~

- Fix error ``Jquery deferred: No length property of null object`` (cmbahadir)


Refactoring and testing
~~~~~~~~~~~~~~~~~~~~~~~

- Add test for ``AnonymousViewBackend`` & ``auth.`` permissions
- Exclude ``auth.view_`` permissions from ``AnonymousViewBackend``
- Specify 30 seconds timeout for internal requests via the requests library


Translations
~~~~~~~~~~~~

- Updated `Chinese Simplified translation <https://crowdin.com/project/kiwitcms/zh-CN#>`_
- Updated `French translation <https://crowdin.com/project/kiwitcms/fr#>`_
- Updated `Polish translation <https://crowdin.com/project/kiwitcms/pl#>`_
- Updated `Russian translation <https://crowdin.com/project/kiwitcms/ru#>`_
- Updated `Slovenian translation <https://crowdin.com/project/kiwitcms/sl#>`_



Kiwi TCMS 11.4 (03 Aug 2022)
----------------------------

.. important::

This is a medium sized release which contains security related updates,
multiple improvements, database and API changes, new settings, bug fixes
and new translations!


Supported upgrade paths::

5.3 (or older) -> 5.3.1
5.3.1 (or newer) -> 6.0.1
6.0.1 -> 6.1
6.1 -> 6.1.1
6.1.1 -> 6.2 (or newer)

After upgrade don't forget to::

./manage.py upgrade

Security
~~~~~~~~

- Update django from 4.0.3 to 4.0.7, see

Resources

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application

Severity Details

CVSS Base Score

HIGH 7.5

CVSS v3 Details

HIGH 7.5
Attack Vector (AV)
NETWORK
Attack Complexity (AC)
LOW
Privileges Required (PR)
NONE
User Interaction (UI)
NONE
Scope (S)
UNCHANGED
Confidentiality Impact (C)
NONE
Integrity Impact (I)
NONE
Availability Availability (A)
HIGH