allura-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dave Brondsema <d...@brondsema.net>
Subject Re: [security] two csrf fixes
Date Mon, 03 Aug 2015 22:07:51 GMT
On 7/30/15 3:00 PM, Dave Brondsema wrote:
> 
> Two CSRF fixes have been made recently.  They are not super critical, but anyone
> using Allura should consider upgrading to latest from git.  We should make a
> release of Allura soon too which would include these.
> 
> https://forge-allura.apache.org/p/allura/tickets/7685/
> https://forge-allura.apache.org/p/allura/tickets/7942/
> 
> If anyone is interested in a formal security list for disclosing issues like
> this, please let us know.
> 
> 

And a XSS fix https://forge-allura.apache.org/p/allura/tickets/7947/   Again,
available in git 'master' now.


-- 
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
              <><

Mime
View raw message