Version 83 (modified by alexlobsters, 11 years ago)


Security Alert

In addition to the XSS vulnerability announced on August 12, several other such vulnerabilities were discovered in other portions of the Buildbot web status by Nicolas Sylvain and Nicolás Alvarez. The severity of these vulnerabilities is no different than that announced on August 12, except that the vulnerabilities are not limited to the waterfall view.

All affected users are urged to upgrade or apply the patches given in the MITIGATION section, below.

This vulnerability does not affect Buildbot slaves.

Affected Versions

  • buildbot-0.7.6
  • buildbot-0.7.7
  • buildbot-0.7.8
  • buildbot-0.7.9
  • buildbot-0.7.10
  • buildbot-0.7.10p1
  • buildbot-0.7.11
  • buildbot-0.7.11p1
  • buildbot-0.7.11p2

Unaffected Versions

  • buildbot-0.7.5 and earlier
  • buildbot-0.7.11p3


Mitigation

Users of buildbot-0.7.11 (at any patch level) are encouraged to upgrade to buildbot-0.7.11p3, which contains fixes for all vulnerabilities in this alert and in the August 12 alert. Users of previous versions should apply the following patches:





Welcome to Buildbot!

The BuildBot is a system to automate the compile/test cycle required by most software projects to validate code changes. By automatically rebuilding and testing the tree each time something has changed, build problems are pinpointed quickly, before other developers are inconvenienced by the failure. The guilty developer can be identified and harassed without human intervention. By running the builds on a variety of platforms, developers who do not have the facilities to test their changes everywhere before checkin will at least know shortly afterwards whether they have broken the build or not. Warning counts, lint checks, image size, compile time, and other build parameters can be tracked over time, are more visible, and are therefore easier to improve.

The overall goal is to reduce tree breakage and provide a platform to run tests or code-quality checks that are too annoying or pedantic for any human to waste their time with. Developers get immediate (and potentially public) feedback about their changes, encouraging them to be more careful about testing before checking in.

Many thanks to for hosting the buildbot's SourceForge Project Page for all these years.