oss-sec mailing list archives

[CVE-2019-10085] Apache Allura XSS vulnerability


From: Dave Brondsema <dave () brondsema net>
Date: Tue, 18 Jun 2019 10:56:50 -0400

CVE-2019-10085 Apache Allura XSS vulnerability in ticket user dropdown selector

Severity: Important
Versions Affected: 1.10.0 and earlier

Description:
A vulnerability exists for stored XSS on the user dropdown selector when
creating or editing tickets.  The XSS executes when a user engages with that
dropdown on that page.

Mitigation:
Users of Allura should upgrade to Allura 1.11.0 immediately.

Credit:
This issue was discovered by Bob "Wombat" Hogg

