<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p>Hi all,</p>
<p>In the opac-memberentry.pl authnotrequired area is 1 by default,
in that case, user information can be reached without given a user
authentication <br>
</p>
<p>and this can lead some vulnerabilites, do we miss something? We
were not able to understand why it is 1 by default?</p>
<p>Thanks.<br>
</p>
<div class="moz-cite-prefix">On 14-03-2017 11:33, Chris Cormack
wrote:<br>
</div>
<blockquote
cite="mid:7548E0E1-E753-473B-8626-DC809AF06586@catalyst.net.nz"
type="cite">Hi, <br>
<br>
Normally once they are released the release maintainer shifts them
out of security. That one got missed, shifted now <br>
<br>
Chris <br>
<br>
<div class="gmail_quote">On 14 March 2017 9:13:51 PM NZDT, Devinim
Koha Development Team <a class="moz-txt-link-rfc2396E" href="mailto:kohadevinim@devinim.com.tr"><kohadevinim@devinim.com.tr></a> wrote:
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt
0.8ex; border-left: 1px solid rgb(204, 204, 204);
padding-left: 1ex;">
<pre class="k9mail">Hi all,
How can we see the fixes of security bugs?
We've faced with a vulnerability with Bug# 16969 in a new version, but
it's said that it was fixed in 3.22.10.
Thanks.
Devinim Koha Dev. Team
<hr>
Koha-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Koha-devel@lists.koha-community.org">Koha-devel@lists.koha-community.org</a>
<a moz-do-not-send="true" href="http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel">http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel</a>
website : <a moz-do-not-send="true" href="http://www.koha-community.org">http://www.koha-community.org</a>/
git : <a moz-do-not-send="true" href="http://git.koha-community.org">http://git.koha-community.org</a>/
bugs : <a moz-do-not-send="true" href="http://bugs.koha-community.org">http://bugs.koha-community.org</a>/
</pre></blockquote></div>
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
</blockquote>
</body></html>