Unverified Commit 4341067c authored by Moritz 'e1mo' Fromm's avatar Moritz 'e1mo' Fromm
Browse files

dokuwiki: 2023-04-04 -> 2023-04-04a 

Hotfix for a discovered vulnerability (deemed as high[^1])
in the RSS parser allowing cross-site scripting via injected,
arbitrary, JavaScript.

Changes: https://github.com/dokuwiki/dokuwiki/compare/release-2023-04-04...release-2023-04-04a

[^1]: https://huntr.dev/bounties/c6119106-1a5c-464c-94dd-ee7c5d0bece0/
parent 84347609

pkgs/servers/web-apps/dokuwiki/default.nix

+2 −2
Original line number Diff line number Diff line
@@ -8,13 +8,13 @@ 


stdenv.mkDerivation rec {

  pname = "dokuwiki";

  version = "2023-04-04";

  version = "2023-04-04a";



  src = fetchFromGitHub {

    owner = "dokuwiki";

    repo = pname;

    rev = "release-${version}";

    sha256 = "sha256-QJnXKsEhvEcE88wvfMZR2j7X/pW8+28zlEnxhvhl+44=";

    sha256 = "sha256-PVfJfGYa2Drf4ljnnhb7kNpjfQlW4dDt5Xd5h+C8tP4=";

  };



  preload = writeText "preload.php" ''