Changes for page Security

Last modified by Vincent Massol on 2023/11/07

From version 17.1
edited by Thomas Mortagne
on 2017/03/24
To version 20.1
edited by Ecaterina Moraru (Valica)
on 2017/09/04
Change comment: There is no comment for this version

Summary

Details

Page properties
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ThomasMortagne
1 +XWiki.evalica
Content
... ... @@ -53,7 +53,7 @@
53 53  
54 54  == Override version information ==
55 55  
56 -By default, the exact XWiki Enterprise version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
56 +By default, the exact XWiki version is shown in the footer of every page. This is not harmful by itself, but can provide useful information to the attacker, who can use known vulnerabilities against this version.
57 57  
58 58  You can change the version string shown in the footer using the [[Administration Application>>extensions:Extension.Administration Application]]. Click on the ##Presentaton## icon and change the version string in the //Version// field.
59 59  
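Review bot: The unchanged context on line 58 still spells the icon name as ##Presentaton##, which looks like a misspelling of "Presentation"; since this edit already touches the paragraph directly above, fix it in the same change so readers can match the name to the label in the Administration Application. The rename from "XWiki Enterprise" to "XWiki" on line 56 is fine as it stands.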
... ... @@ -153,7 +153,7 @@
153 153  
154 154  * Avoid "Privileged API" whenever possible and only use non API when absolutely necessary. If each of your calls requires you to pass the context as a parameter, you're doing it wrong.
155 155  
156 -For more information check the [[XWiki API Reference>>http://platform.xwiki.org/xwiki/bin/view/DevGuide/API]].
156 +For more information check the [[XWiki API Reference>>DevGuide.API]].
157 157  
158 158  == Cross Site Scripting ==
159 159  
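Review bot: On line 156 the link target moves from an absolute URL to the local reference DevGuide.API, which only resolves when this page is served from the wiki that hosts DevGuide.API; confirm the link still lands on the API reference after the change. While here, the context bullet on line 154 ("only use non API when absolutely necessary") is hard to parse next to "Avoid "Privileged API"" and would benefit from rewording.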
... ... @@ -221,3 +221,12 @@
221 221  === Mitigation Methods ===
222 222  
223 223  Advise admins to use addons such as [[noscript>>https://addons.mozilla.org/en-US/firefox/addon/noscript/]] which will help prevent automatic form submission by an attack site and also avoid clicking on suspicious links.
224 +
225 += Advisory Notices =
226 +
227 +Here's a list of sites offering security advisory notices about XWiki:
228 +
229 +* [[nvd.nist.gov>>https://nvd.nist.gov/vuln/search/results?adv_search=false&form_type=basic&results_type=overview&search_type=all&query=xwiki]]
230 +* [[www.cvedetails.com>>http://www.cvedetails.com/product/6856/Xwiki-Xwiki.html?vendor_id=3885]]
231 +* [[vuldb.com>>https://vuldb.com/fr/?search]] (need to search for ##xwiki##)
232 +* [[vulners.com>>https://vulners.com/search?query=xwiki]]
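Review bot: On line 231 the vuldb.com link points at the /fr/ locale with an empty ?search parameter, so readers land on a French page and have to type the query themselves, unlike the other three entries, whose URLs already carry xwiki; a locale-neutral URL would be more consistent. Line 230 also uses http:// for cvedetails.com while the other links in the list use https://, which is worth aligning on a page about security.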
XWiki.XWikiComments[6]
Comment
... ... @@ -1,2 +1,2 @@
1 1  It seems like this has been fixed in 3.2:
2 -http://jira.xwiki.org/browse/XWIKI-4873
2 +https://jira.xwiki.org/browse/XWIKI-4873
