[Koha] [Koha-devel] Koha CSRF protection

Tomas Cohen Arazi tomascohen at gmail.com
Sat Mar 2 02:59:29 NZDT 2024


Congrats team!

On Fri, 1 Mar 2024 at 10:26, Nick Clemens via Koha-devel (<
koha-devel at lists.koha-community.org>) wrote:

> Hello all!
>
> We have pushed the CSRF work from 34478 and related bugs today. We know
> there are more follow-ups needed, and have filed a series of bugs under an
> omnibus:
> https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=36192
>
> We have a framapad where issues can be reported/found:
> https://annuel.framapad.org/p/koha_34478_remaining
>
> And we have bugs for each of the sections of the document. We need all
> developers to submit patches when they encounter issues, and for other
> users testing master to report found issues on the pad. Testers can report
> issues on the pad as well.
>
> There is a new coding guideline - all POSTs to forms in Koha will need to
> include a CSRF token:
> https://wiki.koha-community.org/wiki/Coding_Guidelines#Security
>
> This has been a big work, many thanks to all involved, and there is still
> work to be done, but this is an important fix that we must do.
>
> You can reach out to me on IRC (kidclamp) or via email and I will do my
> best to help anyone contribute.
>
> Thanks,
> Nick
>
> --
> Nick Clemens
> ByWater Solutions
> bywatersolutions.com
> Phone: (888) 900-8944
> Pronouns: (he/him/his)
> Timezone: Eastern


-- 
Tomás Cohen Arazi
Theke Solutions (https://theke.io)
✆ +54 9351 3513384
GPG: B2F3C15F

