18 Mar
2019
18 Mar
'19
10:15 p.m.
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=22522 --- Comment #2 from José-Mario Monteiro-Santos <jose-mario.monteiro-santos@inlibro.com> --- I've noticed today that with newer Mojolicious versions, the authentication is basically skipped as x-koha-authorization is never defined. It seems that this makes it so all endpoints do not require authorization to be accessed. This is a major security flaw, since anybody can for example access patron's information. -- You are receiving this mail because: You are watching all bug changes. You are the assignee for the bug.