Openfire / OF-1250

Old DWR causes CSRF, XSS in Admin Console

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.2.0
    • Component/s: None
    • Labels: None

      Description

      We're currently using DWR 1.1.4, which has weaknesses in terms of modern web security. An update to 3.0.2 should be possible, but is a substantial piece of work and impacts a number of cases (Monitoring Plugin and Kraken as well as core).

              People

              Assignee:
              dwd Dave Cridland
              Reporter:
              dwd Dave Cridland
              Votes:
              1
              Watchers:
              4
