1 new commit in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/26aab19109ce/
Changeset: 26aab19109ce
Branch: stable
User: natefoo
Date: 2014-11-27 14:00:14+00:00
Summary: Update tag latest_2014.10.06 for changeset acb2548443ae
Affected #: 1 file
diff -r acb2548443ae42d39ef200d035ccc0481d6b930c -r 26aab19109ce7956f29bfc4f5877e6950c0fae56 .hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -20,4 +20,4 @@
ca45b78adb4152fc6e7395514d46eba6b7d0b838 release_2014.08.11
548ab24667d6206780237bd807f7d857a484c461 latest_2014.08.11
2092948937ac30ef82f71463a235c66d34987088 release_2014.10.06
-adc4aa8b3d9ad77ef85f8b0d7e4d90bd29775167 latest_2014.10.06
+acb2548443ae42d39ef200d035ccc0481d6b930c latest_2014.10.06
Repository URL: https://bitbucket.org/galaxy/galaxy-central/
--
This is a commit notification from bitbucket.org. You are receiving
this because you have the service enabled, addressing the recipient of
this email.
2 new commits in galaxy-central:
https://bitbucket.org/galaxy/galaxy-central/commits/06100e9a5626/
Changeset: 06100e9a5626
Branch: next-stable
User: jmchilton
Date: 2014-11-26 13:57:49+00:00
Summary: galaxy.ini.sample doc clarifications.
Fix typo caught by Martin. Add warning message about why public servers should not disable sanitize_all_html.
Affected #: 1 file
diff -r 9925a5adf6c4b65d3242d99bc16138839ad7ef21 -r 06100e9a5626c38f3182e353470e882c29564c63 config/galaxy.ini.sample
--- a/config/galaxy.ini.sample
+++ b/config/galaxy.ini.sample
@@ -523,13 +523,14 @@
# it faster on the fly.
#upstream_gzip = False
-# The following default adds a header to web request responses that will cause
-# modern web browsers to not allow Galaxy to be embedded in the frames of web
-# applications hosted at other hosts - this can help prevent a class of attack
-# called clickjacking (https://www.owasp.org/index.php/Clickjacking). If you
-# configuring a proxy to sit infront of Galaxy - please ensure this header
-# remains intact to protect your users. Uncomment and leave empty to not set
-# the `X-Frame-Options` header.
+# The following default adds a header to web request responses that
+# will cause modern web browsers to not allow Galaxy to be embedded in
+# the frames of web applications hosted at other hosts - this can help
+# prevent a class of attack called clickjacking
+# (https://www.owasp.org/index.php/Clickjacking). If you configure a
+# proxy in front of Galaxy - please ensure this header remains intact
+# to protect your users. Uncomment and leave empty to not set the
+# `X-Frame-Options` header.
#x_frame_options = SAMEORIGIN
# nginx can also handle file uploads (user-to-Galaxy) via nginx_upload_module.
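Review bot: Re-wrapping the whole X-Frame-Options comment block hides the two actual wording fixes ("If you configuring" to "If you configure", "infront" to "in front") inside an eight-line rewrite. Keeping the original line breaks would reduce this hunk to the lines that really changed. On content, "Uncomment and leave empty to not set the `X-Frame-Options` header" would be easier to follow with the literal form spelled out (`x_frame_options =` with nothing after the equals sign), because the sample line below is commented out with the value SAMEORIGIN and a reader may not be sure whether commenting out or emptying the option is what disables the header.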
@@ -586,10 +587,11 @@
# log_events and log_actions functionality will eventually be merged.
#log_actions = True
-# Sanitize All HTML Tool Output
-# By default, all tool output served as 'text/html' will be sanitized
-# thoroughly. This can be disabled if you have special tools that require
-# unaltered output.
+# Sanitize All HTML Tool Output By default, all tool output served as
+# 'text/html' will be sanitized thoroughly. This can be disabled if
+# you have special tools that require unaltered output. WARNING:
+# Disabling this does make the Galxy instance susceptible to XSS
+# attacks initiated by your users.
#sanitize_all_html = True
# By default Galaxy will serve non-HTML tool output that may potentially
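Review bot: "Galxy" in the added WARNING text should be "Galaxy", and the re-wrap has folded the heading "Sanitize All HTML Tool Output" into the first sentence ("# Sanitize All HTML Tool Output By default, all tool output served as"), so the option title no longer stands on its own line. Suggest restoring the heading as a separate comment line, starting the WARNING on its own line so it is not buried at the end of the paragraph, and tightening it to "Disabling this makes the Galaxy instance susceptible to XSS attacks initiated by your users."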
https://bitbucket.org/galaxy/galaxy-central/commits/d32c333831cc/
Changeset: d32c333831cc
User: jmchilton
Date: 2014-11-26 13:58:14+00:00
Summary: Merge next-stable.
Affected #: 1 file
diff -r bf6fe8748b4d6f9096e9aa11f5abe7abcd372e27 -r d32c333831cc36c13430ca17ab893cab79554873 config/galaxy.ini.sample
--- a/config/galaxy.ini.sample
+++ b/config/galaxy.ini.sample
@@ -523,13 +523,14 @@
# it faster on the fly.
#upstream_gzip = False
-# The following default adds a header to web request responses that will cause
-# modern web browsers to not allow Galaxy to be embedded in the frames of web
-# applications hosted at other hosts - this can help prevent a class of attack
-# called clickjacking (https://www.owasp.org/index.php/Clickjacking). If you
-# configuring a proxy to sit infront of Galaxy - please ensure this header
-# remains intact to protect your users. Uncomment and leave empty to not set
-# the `X-Frame-Options` header.
+# The following default adds a header to web request responses that
+# will cause modern web browsers to not allow Galaxy to be embedded in
+# the frames of web applications hosted at other hosts - this can help
+# prevent a class of attack called clickjacking
+# (https://www.owasp.org/index.php/Clickjacking). If you configure a
+# proxy in front of Galaxy - please ensure this header remains intact
+# to protect your users. Uncomment and leave empty to not set the
+# `X-Frame-Options` header.
#x_frame_options = SAMEORIGIN
# nginx can also handle file uploads (user-to-Galaxy) via nginx_upload_module.
@@ -586,10 +587,11 @@
# log_events and log_actions functionality will eventually be merged.
#log_actions = True
-# Sanitize All HTML Tool Output
-# By default, all tool output served as 'text/html' will be sanitized
-# thoroughly. This can be disabled if you have special tools that require
-# unaltered output.
+# Sanitize All HTML Tool Output By default, all tool output served as
+# 'text/html' will be sanitized thoroughly. This can be disabled if
+# you have special tools that require unaltered output. WARNING:
+# Disabling this does make the Galxy instance susceptible to XSS
+# attacks initiated by your users.
#sanitize_all_html = True
# By default Galaxy will serve non-HTML tool output that may potentially
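Review bot: The WARNING text carried in by this merge of next-stable still reads "Galxy", and the "Sanitize All HTML Tool Output" heading is still run into the sentence that follows it, exactly as in 06100e9a5626. Correcting the comment on next-stable and merging again would keep both copies of config/galaxy.ini.sample in step.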
Repository URL: https://bitbucket.org/galaxy/galaxy-central/