Old DWR causes CSRF, XSS in Admin Console

Description

We're currently using DWR 1.1.4, which has weaknesses in terms of modern web security. An update to 3.0.2 should be possible, but is a substantial piece of work and impacts a number of cases (Monitoring Plugin and Kraken as well as core).

Environment

None

Acceptance Test - Entry

None

Activity

Show:

Daryl Herzmann

November 13, 2017, 6:31 PM

Copy link to comment

change was merged, assumed as resolved

Fixed

Assignee

Dave Cridland

Reporter

Dave Cridland

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

4.2.0

Priority

Major

Configure