Files @ ae947de541d5

Location: kallithea/docs/changelog.rst - annotation

ae947de541d5 200 B text/prs.fallenstein.rst
Mads Kiilerich
auth: check CSRF protection token when authenticating

Use pylons secure_form to get CSRF protection on all authenticated POSTs. This
fixes CVE-2015-0276.

GETs should not have any side effects and thus do not need CSRF protection.

Reported by Paul van Empelen.

.. _changelog:

=========
Changelog
=========

The Kallithea project doesn't keep its changelog here. We refer you to our Mercurial logs_.

.. _logs: https://kallithea-scm.org/repos/kallithea/changelog