Old DWR causes CSRF, XSS in Admin Console

Description

We're currently using DWR 1.1.4, which has weaknesses in terms of modern web security. An update to 3.0.2 should be possible, but is a substantial piece of work and impacts a number of cases (Monitoring Plugin and Kraken as well as core).

Environment

None

Acceptance Test - Entry

None

Activity

Daryl Herzmann
November 13, 2017, 6:31 PM

change was merged, assumed as resolved

Fixed

Assignee

Dave Cridland

Reporter

Dave Cridland

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

Priority

Major