<div dir="ltr"><div><div><div><div><div>Hi,<br></div><br>authnotrequired is set to 1 because <a href="http://opac-memberentry.pl">opac-memberentry.pl</a> is also used by the self registration feature.<br></div>The patron information displayed is based on the logged in user, not a parameter passed to the script.<br><br></div>Everything looks ok to me.<br><br></div>Regards,<br></div>Jonathan<br><br><div class="gmail_quote"><div dir="ltr">On Wed, 15 Mar 2017 at 12:18 Devinim Koha Development Team <<a href="mailto:kohadevinim@devinim.com.tr">kohadevinim@devinim.com.tr</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">

  <div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">

    <p class="gmail_msg">Hi all,</p>

    <p class="gmail_msg">In the <a href="http://opac-memberentry.pl" class="gmail_msg" target="_blank">opac-memberentry.pl</a> authnotrequired area is 1 by default,

      in that case, user information can be reached without given a user

      authentication <br class="gmail_msg">

    </p>

    <p class="gmail_msg">and this can lead some vulnerabilites, do we miss something? We

      were not able to understand why it is 1 by default?</p>

    <p class="gmail_msg">Thanks.<br class="gmail_msg">

    </p></div><div bgcolor="#FFFFFF" text="#000000" class="gmail_msg">

    <div class="m_1657876652455208796moz-cite-prefix gmail_msg">On 14-03-2017 11:33, Chris Cormack

      wrote:<br class="gmail_msg">

    </div>

    <blockquote type="cite" class="gmail_msg">Hi, <br class="gmail_msg">

      <br class="gmail_msg">

      Normally once they are released the release maintainer shifts them

      out of security. That one got missed, shifted now <br class="gmail_msg">

      <br class="gmail_msg">

      Chris <br class="gmail_msg">

      <br class="gmail_msg">

      <div class="gmail_quote gmail_msg">On 14 March 2017 9:13:51 PM NZDT, Devinim

        Koha Development Team <a class="m_1657876652455208796moz-txt-link-rfc2396E gmail_msg" href="mailto:kohadevinim@devinim.com.tr" target="_blank"><kohadevinim@devinim.com.tr></a> wrote:

        <blockquote class="gmail_quote gmail_msg" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">

          <pre class="m_1657876652455208796k9mail gmail_msg">Hi all,

How can we see the fixes of security bugs?

We've faced with a vulnerability with Bug# 16969 in a new version, but 

it's said that it was fixed in 3.22.10.

Thanks.

Devinim Koha Dev. Team

<hr class="gmail_msg">

Koha-devel mailing list

<a class="m_1657876652455208796moz-txt-link-abbreviated gmail_msg" href="mailto:Koha-devel@lists.koha-community.org" target="_blank">Koha-devel@lists.koha-community.org</a>

<a href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel" class="gmail_msg" target="_blank">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a>

website : <a href="http://www.koha-community.org" class="gmail_msg" target="_blank">http://www.koha-community.org</a>/

git : <a href="http://git.koha-community.org" class="gmail_msg" target="_blank">http://git.koha-community.org</a>/

bugs : <a href="http://bugs.koha-community.org" class="gmail_msg" target="_blank">http://bugs.koha-community.org</a>/

</pre></blockquote></div>

-- 

Sent from my Android device with K-9 Mail. Please excuse my brevity.

</blockquote>

</div>_______________________________________________<br class="gmail_msg">

Koha-devel mailing list<br class="gmail_msg">

<a href="mailto:Koha-devel@lists.koha-community.org" class="gmail_msg" target="_blank">Koha-devel@lists.koha-community.org</a><br class="gmail_msg">

<a href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel" rel="noreferrer" class="gmail_msg" target="_blank">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a><br class="gmail_msg">

website : <a href="http://www.koha-community.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://www.koha-community.org/</a><br class="gmail_msg">

git : <a href="http://git.koha-community.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://git.koha-community.org/</a><br class="gmail_msg">

bugs : <a href="http://bugs.koha-community.org/" rel="noreferrer" class="gmail_msg" target="_blank">http://bugs.koha-community.org/</a></blockquote></div></div>