By using the upload document function, an attacker could potentially upload an HTML page to TeamForge that contains active code, such as JavaScript. This active code would then be executed by clients' browsers when they view the page.

To prevent an attack of this sort, you can specify whether or not HTML code is displayed in CollabNet TeamForge. This flag applies to all documents, tracker, task, and forum attachments, and files in the file release system.
- Set the SAFE_DOWNLOAD_MODE token according to your requirements. For more information, see SAFE_DOWNLOAD_MODE.
- Deploy services.
  - /opt/collabnet/teamforge/bin/teamforge provision
Note: The "provision" command prompts for a response before it bootstraps or migrates data during TeamForge installation and upgrade, respectively. Enter "y" or "N" to proceed. For more information, see the TeamForge script.
The TeamForge 17.4 (and later) installer expects the system locale to be LANG=en_US.UTF-8. The TeamForge "provision" command fails otherwise.
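
A pre-flight check for the two steps above, as an added example that is not part of the TeamForge documentation or tooling: it confirms that SAFE_DOWNLOAD_MODE is set exactly once and that LANG matches the value the installer expects. It assumes the site options are kept in a file of KEY=value lines whose path you pass as the first argument; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: checks to run before "teamforge provision".
# Assumption: site options are KEY=value lines in the file given as $1.

# Print the configured SAFE_DOWNLOAD_MODE value.
# Returns 1 if the token is missing or empty, 2 if it is defined more than once.
safe_download_mode() {
    conf=$1
    pattern='^[[:space:]]*SAFE_DOWNLOAD_MODE[[:space:]]*='
    # Commented-out lines do not match; grep -c exits non-zero on zero matches
    # or an unreadable file.
    count=$(grep -cE "$pattern" "$conf" 2>/dev/null) || return 1
    # A duplicated token makes the effective setting ambiguous, so reject it.
    [ "$count" -eq 1 ] || return 2
    value=$(grep -E "$pattern" "$conf" |
        sed -e 's/^[^=]*=//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# The installer (17.4 and later) expects LANG=en_US.UTF-8.
locale_ok() {
    [ "${1:-}" = "en_US.UTF-8" ]
}

# Run both checks and report every problem found, not just the first.
preflight() {
    conf=$1
    lang=$2
    status=0
    if mode=$(safe_download_mode "$conf"); then
        echo "SAFE_DOWNLOAD_MODE is set to: $mode"
    else
        echo "SAFE_DOWNLOAD_MODE is missing, empty or duplicated in $conf" >&2
        status=1
    fi
    if ! locale_ok "$lang"; then
        echo "LANG is '$lang', expected en_US.UTF-8; provision would fail" >&2
        status=1
    fi
    return "$status"
}

# Stand-alone use: pass the options file path as the first argument.
if [ $# -ge 1 ]; then
    preflight "$1" "${LANG:-}"
fi
```

The script only reports the configured value; check it against the SAFE_DOWNLOAD_MODE reference before deploying services.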