[Koha-devel] How to see security fixes

Devinim Koha Development Team kohadevinim at devinim.com.tr
Wed Mar 15 16:57:38 CET 2017


Hi,

In that case we can reach the user's detailed information without giving a 
password, using curl.

If you want, we can share the code showing how to get this information without 
authentication, from this list.


On 15-03-2017 18:50, Jonathan Druart wrote:
> Hi,
>
> authnotrequired is set to 1 because opac-memberentry.pl is also used
> by the self registration feature.
> The patron information displayed is based on the logged in user, not a 
> parameter passed to the script.
>
> Everything looks ok to me.
>
> Regards,
> Jonathan
>
> On Wed, 15 Mar 2017 at 12:18 Devinim Koha Development Team 
> <kohadevinim at devinim.com.tr> wrote:
>
>     Hi all,
>
>     In opac-memberentry.pl the
>     authnotrequired area is 1 by default; in that case, user
>     information can be reached without user authentication
>
>     and this can lead to some vulnerabilities. Are we missing something? We
>     were not able to understand why it is 1 by default?
>
>     Thanks.
>
>     On 14-03-2017 11:33, Chris Cormack wrote:
>>     Hi,
>>
>>     Normally once they are released the release maintainer shifts
>>     them out of security. That one got missed, shifted now
>>
>>     Chris
>>
>>     On 14 March 2017 9:13:51 PM NZDT, Devinim Koha Development Team
>>     <kohadevinim at devinim.com.tr> wrote:
>>
>>         Hi all,
>>
>>         How can we see the fixes of security bugs?
>>
>>         We've faced a vulnerability with Bug# 16969 in a new version, but
>>         it's said that it was fixed in 3.22.10.
>>
>>
>>         Thanks.
>>
>>         Devinim Koha Dev. Team
>>
>>         ------------------------------------------------------------------------
>>
>>         Koha-devel mailing list
>>         Koha-devel at lists.koha-community.org
>>         <mailto:Koha-devel at lists.koha-community.org>
>>         http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>>         website :http://www.koha-community.org/
>>         git :http://git.koha-community.org/
>>         bugs :http://bugs.koha-community.org/
>>
>>     -- Sent from my Android device with K-9 Mail. Please excuse my
>>     brevity. 