continuum-issues mailing list archives

From "Maria Odea Ching (JIRA)" <>
Subject [jira] Closed: (CONTINUUM-2622) Add CSRF prevention checks for sensitive actions
Date Fri, 15 Apr 2011 10:08:22 GMT


Maria Odea Ching closed CONTINUUM-2622.

    Resolution: Fixed

Fixed in 1.3.x branch [-r1092648|] with the following changes:
* do an explicit check for a randomly generated value in the action on remove project group (built-in token session interceptor doesn't work for projectGroupSummary page because the <s:action> tag (which executes result) for getting the projects in the group in the page causes a double submit)
* enabled selenium test for remove project group CSRF check

> Add CSRF prevention checks for sensitive actions
> ------------------------------------------------
>                 Key: CONTINUUM-2622
>                 URL:
>             Project: Continuum
>          Issue Type: Improvement
>          Components: Security
>    Affects Versions: 1.3.7, 1.4.0 (Beta)
>            Reporter: Maria Odea Ching
>            Assignee: Maria Odea Ching
>             Fix For: 1.3.8

This message is automatically generated by JIRA.
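
The failure mode described in the resolution comment, as an added example that is not part of the original message and is not Continuum's code: a one-time token (a simplified model of a token-session check, assumed here) is consumed by the first invocation, so a second invocation within the same request is rejected, while an explicit comparison against a random per-session value still passes. The session map, the attribute name `csrf.token` and all method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.HashMap;
import java.util.Map;

public class CsrfTokenDemo {
    static final String KEY = "csrf.token";          // hypothetical session attribute
    static final SecureRandom RNG = new SecureRandom();

    // Store a fresh 256-bit random value in the session and return it for the form.
    static String issue(Map<String, Object> session) {
        byte[] raw = new byte[32];
        RNG.nextBytes(raw);
        String token = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        session.put(KEY, token);
        return token;
    }

    // Assumed model of a one-time token: validation removes it from the session.
    static boolean validateOneTime(Map<String, Object> session, String submitted) {
        return matches((String) session.remove(KEY), submitted);
    }

    // Explicit check inside the action: the session value is compared, not consumed.
    static boolean validateExplicit(Map<String, Object> session, String submitted) {
        return matches((String) session.get(KEY), submitted);
    }

    // Constant-time comparison; a missing token on either side is a failure.
    static boolean matches(String expected, String submitted) {
        if (expected == null || submitted == null) return false;
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.UTF_8),
                                     submitted.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        Map<String, Object> session = new HashMap<>();   // constructed stand-in for an HTTP session
        String token = issue(session);
        System.out.println("one-time, first invocation:  " + validateOneTime(session, token));
        System.out.println("one-time, second invocation: " + validateOneTime(session, token));
        token = issue(session);
        System.out.println("explicit, first invocation:  " + validateExplicit(session, token));
        System.out.println("explicit, second invocation: " + validateExplicit(session, token));
        System.out.println("explicit, forged value:      " + validateExplicit(session, "forged"));
        System.out.println("explicit, missing parameter: " + validateExplicit(session, null));
    }
}
```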