ofbiz-notifications mailing list archives

From "Jacques Le Roux (Jira)" <j...@apache.org>
Subject [jira] [Closed] (OFBIZ-11425) Test "POC for CSRF Token" (CVE-2019-12425)
Date Sun, 05 Apr 2020 09:30:00 GMT

     [ https://issues.apache.org/jira/browse/OFBIZ-11425?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Jacques Le Roux closed OFBIZ-11425.
    Resolution: Fixed

> Test "POC for CSRF Token" (CVE-2019-12425)
> ------------------------------------------
>                 Key: OFBIZ-11425
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-11425
>             Project: OFBiz
>          Issue Type: Test
>          Components: ALL APPLICATIONS
>    Affects Versions: Release Branch 18.12, Release Branch 17.12, Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Major
> Hi All,
> This "test" Jira is to ask for your help to review and test the work done in OFBIZ-11306. We have done all we can, and now help is welcome. If you are experienced with penetration tools, please use them.
> You can find the branch to use in
> https://github.com/JacquesLeRoux/ofbiz-framework/tree/POC-for-CSRF-Token-OFBIZ-11306
> https://github.com/JacquesLeRoux/ofbiz-plugins/tree/POC-for-CSRF-Token-OFBIZ-11306. 
> It's ready to merge in OFBiz trunk but we will not create a PR before being reassured that we (James and I) did not miss any issues. Like links without "csrf" token, or regressions introduced by the effort.

This message was sent by Atlassian Jira
