Great work!

 

From: Koha-devel <koha-devel-bounces@lists.koha-community.org> On Behalf Of Nick Clemens via Koha-devel
Sent: Friday, March 1, 2024 2:26 PM
To: Koha Devel <koha-devel@lists.koha-community.org>; Koha <koha@lists.katipo.co.nz>
Subject: [Koha-devel] Koha CSRF protection

 

Hello all!

 

We have pushed the CSRF work from 34478 and related bugs today. We know there are more follow-ups needed, and have filed a series of bugs under an omnibus:

https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192

 

We have a framapad where issues can be reported/found:

https://annuel.framapad.org/p/koha_34478_remaining

 

And we have bugs for each of the sections of the document. We need all developers to submit patches when they encounter issues, and for other users testing master to report found issues on the pad. Testers can report issues on the pad as well.

 

There is a new coding guideline - all POSTs to forms in Koha will need to include a csrf token:

https://wiki.koha-community.org/wiki/Coding_Guidelines#Security

 

This has been a big work, many thanks to all involved, and there is still work to be done, but this is an important fix that we must do.

 

You can reach out to me on IRC (kidclamp) or via email and I will do my best to help anyone contribute.

 

Thanks,

Nick


--

Nick Clemens

ByWater Solutions

Phone: (888) 900-8944

Pronouns: (he/him/his)
Timezone: Eastern

Follow us: