Mailing List Archive

rt annotated tag, rt-4.0.6rc2, created. rt-4.0.6rc2
The annotated tag, rt-4.0.6rc2 has been created
at 0794de5c00009258427e4874bbe3eadd5dd0f598 (tag)
tagging b770e5f8abc6418ca8cb8e592287af535bd72249 (commit)
replaces rt-4.0.6rc1
tagged by Alex Vandiver
on Fri May 4 17:09:31 2012 -0400

- Log -----------------------------------------------------------------
release 4.0.6rc2
Version: GnuPG v1.4.11 (GNU/Linux)


Alex Vandiver (11):
Allow the homepage refresh argument as an idempotent query parameter
Abstract out creation of request tokens which bypass CSRF
Rename LogoutURL to the more general-use RefreshURL
Add a global argument which contains the decoded $m->request_args
Override $DECODED_ARGS with the (decoded) arguments from the CSRF token
Merge branch 'security/4.0/interstitial-path' into 4.0.6-releng
Clean up the error message in a common case of no explicit whitelisted hosts
Set the refresh URL on ticket results to a CRSF-safe one
Merge branch 'security/4.0/refresh-csrf' into 4.0.6-releng
Merge branch 'security/4.0/csrf-menuing' into 4.0.6-releng
Merge branch 'security/4.0/whitelist-csrf-referrer' into 4.0.6-releng

Jim Brandt (1):
Add WebPath to link created on CSRF interstitial page.

Kevin Falcone (4):
Fix a simple typo
Switch to our so that extensions can whitelist components
Add a new ReferrerWhitelist config option
Document how to pull from the error into the config

Rt-commit mailing list