-
gosmtpd has a XSS vulnerablity that is exploitable in cloudstacks and devstacks. While this is not usually a problem this is preventing adding XSS tests to smoketests. The fix applied has been using the golang html/template library to escaped the user control strings before the html payload is built