Changelog for 5.2.0 says: “Fixed slightly possible CSFR Bug”. It should tell CSRF security vulnerability has been fixed and include references (at least CVE identifier). Here is proof of concept: http://www.openwall.com/lists/oss-security/2013/05/16/8 for CVE-2013-2107. Other references:
– http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-2107 (will be updated)
- The topic ‘Please update changelog’ is closed to new replies.