[Koha-devel] How to see security fixes

Jonathan Druart jonathan.druart at bugs.koha-community.org
Wed Mar 15 16:50:23 CET 2017


Hi,

authnotrequired is set to 1 because opac-memberentry.pl is also used by the
self registration feature.
The patron information displayed is based on the logged in user, not a
parameter passed to the script.

Everything looks ok to me.

Regards,
Jonathan

On Wed, 15 Mar 2017 at 12:18 Devinim Koha Development Team <
kohadevinim at devinim.com.tr> wrote:

> Hi all,
>
> In the opac-memberentry.pl authnotrequired area is 1 by default, in that
> case, user information can be reached without giving a user authentication
> and this can lead to some vulnerabilities, do we miss something? We were not
> able to understand why it is 1 by default?
>
> Thanks.
> On 14-03-2017 11:33, Chris Cormack wrote:
>
> Hi,
>
> Normally once they are released the release maintainer shifts them out of
> security. That one got missed, shifted now
>
> Chris
>
> On 14 March 2017 9:13:51 PM NZDT, Devinim Koha Development Team
> <kohadevinim at devinim.com.tr> wrote:
>
> Hi all,
>
> How can we see the fixes of security bugs?
>
> We've been faced with a vulnerability with Bug# 16969 in a new version, but
> it's said that it was fixed in 3.22.10.
>
>
> Thanks.
>
> Devinim Koha Dev. Team
>
> ------------------------------
>
> Koha-devel mailing list
> Koha-devel at lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>
> -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
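The design described in the reply at the top of this thread (a page that permits anonymous access for self registration but takes the patron's identity from the logged-in session, never from a request parameter), as an added example that is not part of the original messages and is not Koha code. It is a simplified core-Perl model; `member_entry`, `%PATRONS`, `%SESSIONS` and all sample values are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration: simplified model, not Koha code. All names are hypothetical.
use strict;
use warnings;

# Constructed sample data: patron records keyed by borrower number.
my %PATRONS = (
    101 => { surname => 'Alvarez', email => 'alvarez@example.org' },
    102 => { surname => 'Baker',   email => 'baker@example.org' },
);

# Constructed session store: session id -> borrower number of the logged-in user.
my %SESSIONS = ( 'sess-aaa' => 101 );

# Model of a page that allows anonymous access (needed for self registration)
# but only ever shows the patron bound to the session. $params stands for the
# request parameters and is deliberately never used to choose whose record to load.
sub member_entry {
    my ( $session_id, $params ) = @_;
    my $borrowernumber = defined $session_id ? $SESSIONS{$session_id} : undef;

    # Anonymous or unknown session: blank registration form, no patron data.
    return +{ mode => 'register', patron => undef }
        unless defined $borrowernumber;

    # Logged-in user: their own record only.
    return +{ mode => 'update', patron => $PATRONS{$borrowernumber} };
}

# Checks that a borrowernumber supplied in the request cannot select a record.
my $anon = member_entry( undef, { borrowernumber => 102 } );
die "anonymous request returned patron data\n" if defined $anon->{patron};

my $bogus = member_entry( 'sess-zzz', { borrowernumber => 102 } );
die "unknown session returned patron data\n" if defined $bogus->{patron};

my $own = member_entry( 'sess-aaa', { borrowernumber => 102 } );
die "request parameter overrode session identity\n"
    unless $own->{patron}{surname} eq 'Alvarez';

print "all checks passed\n";
```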