Hi all,

In the opac-memberentry.pl authnotrequired area is 1 by default, in that case, user information can be reached without given a user authentication

and this can lead some vulnerabilites, do we miss something? We were not able to understand why it is 1 by default?

Thanks.

On 14-03-2017 11:33, Chris Cormack wrote:
Hi,

Normally once they are released the release maintainer shifts them out of security. That one got missed, shifted now

Chris

On 14 March 2017 9:13:51 PM NZDT, Devinim Koha Development Team <kohadevinim@devinim.com.tr> wrote:
Hi all,

How can we see the fixes of security bugs?

We've faced with a vulnerability with Bug# 16969 in a new version, but 
it's said that it was fixed in 3.22.10.


Thanks.

Devinim Koha Dev. Team


Koha-devel mailing list Koha-devel@lists.koha-community.org http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel website : http://www.koha-community.org/ git : http://git.koha-community.org/ bugs : http://bugs.koha-community.org/
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.