Source Control Integration

Author	Committer	Branch	Timestamp	Parent
dregad	dregad	master-2.25	2022-06-15 12:28	master-2.25 262ecdde
Affected Issues	0029135: CVE-2022-33910: Unrestricted SVG File Upload leads to CSS Injection
Changeset	Disable SVG files upload by default SVG files are not just images, they are XML files and as such could contain inline CSS or scripting which could be used as attack vector for stored XSS. Devendra Bhatla and Febin Mon Saji febinrev811@gmail.com both and independently reported this vulnerability. Fixes 0029135, CVE-2022-33910
	mod - config_defaults_inc.php			Diff File
	mod - docbook/Admin_Guide/en-US/config/uploads.xml			Diff File