silverstripe-framework/src
Serge Latyntcev 569237c0f4 [CVE-2019-12203] Session fixation in "change password" form
A potential account hijacking may happen if an attacker has physical access to
the victim's computer to perform session fixation. Also possible if the targeted application contains an XSS vulnerability.
Requires the victim to click the password reset link sent to their email.
If all the above happens, attackers may reset the password before the actual user does that.
2019-09-24 16:00:51 +12:00
conf Update deprecation PHPDocs to be PSR-5 compliant 2018-09-28 10:49:14 +02:00
Control [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:00:51 +12:00
Core Use strcasecmp 2019-03-27 12:40:56 +13:00
Dev FIX Byte Order Marks (BOM) are now stripped when importing CSV files 2019-08-29 14:54:57 +12:00
Forms FIX: Don't force-add view button to readonly GridField (fixes #9249) 2019-09-23 16:52:47 +01:00
i18n minor i18nEntityProvider.php API documentation fix 2018-09-28 10:28:00 +10:00
includes Merge branch '4.2' into 4.3 2019-04-11 11:21:42 +12:00
Logging ENHANCEMENT Don't infer trace if explicitly provided 2017-11-16 11:03:01 +13:00
ORM BUG Allow infinite loop when calling DataObject::writeComponent() recursively 2019-09-10 14:15:28 +12:00
Security [CVE-2019-12203] Session fixation in "change password" form 2019-09-24 16:00:51 +12:00
View Merge branch '4.2' into 4.3 2019-09-13 18:10:37 -07:00