Branch: refs/heads/release_16.10 Home: https://github.com/galaxyproject/galaxy Commit: 93a8bfc7cb5e9c3395c5057910ec39d68ad787b4 https://github.com/galaxyproject/galaxy/commit/93a8bfc7cb5e9c3395c5057910ec3... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M config/galaxy.ini.sample M lib/galaxy/config.py M lib/galaxy/managers/folders.py M lib/galaxy/managers/libraries.py M lib/galaxy/tools/parameters/grouping.py M lib/galaxy/util/__init__.py A lib/galaxy/util/path/__init__.py A lib/galaxy/util/path/ntpath.py A lib/galaxy/util/path/posixpath.py M lib/galaxy/webapps/galaxy/api/lda_datasets.py M lib/galaxy/webapps/galaxy/api/remote_files.py M lib/galaxy/webapps/galaxy/controllers/library.py M lib/galaxy/webapps/galaxy/controllers/library_common.py M lib/galaxy/webapps/galaxy/controllers/user.py M lib/tool_shed/managers/groups.py Log Message: ----------- Security: Fix issues with path handling in libraries and in general. Commit: 0e698813a96f1ad61d797255686f69cf5e6b1280 https://github.com/galaxyproject/galaxy/commit/0e698813a96f1ad61d797255686f6... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M tools/data_source/data_source.py Log Message: ----------- [GX-2017-0003]: Fix for the reported issue, only allow http, https, and ftp schemes in the data_source tool. Commit: ed045cd570cf6b2198fb496852458194c8e28d6f https://github.com/galaxyproject/galaxy/commit/ed045cd570cf6b2198fb496852458... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M config/galaxy.ini.sample M lib/galaxy/config.py M lib/galaxy/managers/folders.py M lib/galaxy/managers/libraries.py M lib/galaxy/tools/parameters/grouping.py M lib/galaxy/util/__init__.py A lib/galaxy/util/path/__init__.py A lib/galaxy/util/path/ntpath.py A lib/galaxy/util/path/posixpath.py M lib/galaxy/webapps/galaxy/api/lda_datasets.py M lib/galaxy/webapps/galaxy/api/remote_files.py M lib/galaxy/webapps/galaxy/controllers/library.py M lib/galaxy/webapps/galaxy/controllers/library_common.py M lib/galaxy/webapps/galaxy/controllers/user.py M lib/tool_shed/managers/groups.py Log Message: ----------- Security: Fix issues with path handling in libraries and in general. Commit: 9e672f94588b8eeecee745665162fc92f0158e27 https://github.com/galaxyproject/galaxy/commit/9e672f94588b8eeecee745665162f... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-19 (Thu, 19 Oct 2017) Changed paths: M tools/data_source/data_source.py Log Message: ----------- [GX-2017-0003]: Fix for the reported issue, only allow http, https, and ftp schemes in the data_source tool. Commit: dda175dbf088bb4ba014fbea70b610cb7e2c2ed6 https://github.com/galaxyproject/galaxy/commit/dda175dbf088bb4ba014fbea70b61... Author: Nate Coraor <nate@bx.psu.edu> Date: 2017-10-23 (Mon, 23 Oct 2017) Log Message: ----------- Merge branch 'release_16.07' into release_16.10 Compare: https://github.com/galaxyproject/galaxy/compare/34344a7563a3...dda175dbf088