RELEASED: Public: 2020-04-27
Security fixes
-
CloudBees Internal Ticket: FNDJEN-2010
Wikitext Plugin 3.9 and earlier does not escape the formatted text using Media Wiki, Textile and TWiki syntax formatters. This results in a stored cross-site scripting vulnerability that can be exploited by users with Job/Configure permission.
This version escapes the formatted text before printing it out.