This is a list of all fixed issues in 9.1 release. See also What's New in TeamCity 9.1 in the online documentation.

See also:

TeamCity 9.0.5 (build 32523) Release Notes


Usability Problem



Performance Problem

Security Problem

The issues will be made public in the future

{hidden-data}the same with links
h3. Security Problem
* [TW-17757|] - Require current password input on changing password
* [TW-39227|] - JavaScript injection via build tag in run custom build dialog
* [TW-40497|] - TeamCity can remember user logged in with "Remember me" unselected
* [TW-41290|] - XSS with editingScope parameter on /editVcsRoot.html page
* [TW-41291|] - XSS with notificatorType parameter on /admin/editGroup.html page
* [TW-41292|] - XSS with runTypeInfoKey parameter on /admin/editRunType.html page
* [TW-41294|] - XSS on YouTrack issue tracker test connection
* [TW-41343|] - XSS on generateFeedUrl.html
* [TW-41344|] - XSS with username field on registerUser.html
* [TW-41345|] - It is possible to change external id without having permissions for the project
* [TW-41346|] - XSS on project.html page
* [TW-41347|] - XML bomb can be uploaded via upload meta-runner action causing denial of service
* [TW-41348|] - XXE attack is possible via upload plugin form 
* [TW-41349|] - XSS with backup file name on backup page
* [TW-41351|] - XSS problem on the diffView.html page
* [TW-41526|] - HTML injection in Label build feature
* [TW-41533|] - XXE and Xml bomb attacks possible via teamcity-info.xml
* [TW-41696|] - JavaScript injection from debugging tracing data (off by default)
* [TW-41758|] - XSS on project builds schedule page
* [TW-41759|] - XSS is possible via rootURL parameter on cloud profile page and RSS feed page
* [TW-41785|] - XSS on agent push page