ChiliProject is not maintained anymore. Please be advised that there will be no more updates.
We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.
Revision cb2086f6
ID: cb2086f652eb9e3d5850612d62e60874212574ee
[#647] Fix XSS in textile image syntax.
Image URLs are not properly escaped in the bundled RedCloth3 library.
It thus allowed an XSS vector.
The patch was adapted from r7570 from Redmine by Etiene Massip. See also
http://www.redmine.org/issues/9245.