Package: monit
Version: 1:5.20.0-6
Severity: normal
Tags: upstream fixed-upstream
Forwarded: https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check

Hi,

monit upstream fixed a bug with invalid CSRF checking in cookies (https://bitbucket.org/tildeslash/monit/issues/495/invalid-csrf-check).

One effect of that bug is that when administering multiple servers using monit's web interface, it is necessary to clear existing cookies before one can log into another server (especially when there is a mixture of jessie, stretch and buster machines involved). Another is that other services on the same host can set cookies which are presented before the monit cookie, and so a similar problem is caused.

Please consider backporting this fix to stretch in the next oldstable point release. I haven't investigated whether it is the sole change in 5.21 or whether it would have to be cherry-picked.

Thanks,

--
Jonathan Wiltshire
Red Hat Certified Engineer (#170-281-083)
Tiger Computing Ltd
ISO27001:2017 Certified
Tel: 01600 483 484
Web: https://www.tiger-computing.co.uk
Registered in England. Company number: 3389961
Registered address: Wyastone Business Park, Wyastone Leys, Monmouth, NP25 3SR
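
Added example, not part of the original report and not monit's own code: a sketch of why a token check that depends on cookie position fails when another service's cookie is presented first, next to a check that selects the cookie by name. The cookie name `csrf_token`, the function names and the sample header are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>
#define TOKEN_COOKIE "csrf_token" /* hypothetical cookie name, not monit's */

/* Find cookie `name` anywhere in a Cookie header value; 1 if found. */
static int cookie_lookup(const char *p, const char *name, char *out, size_t outlen) {
    size_t nlen = strlen(name);
    while (*p) {
        while (*p == ' ' || *p == ';') p++;           /* skip separators */
        const char *end = p + strcspn(p, ";");        /* end of this pair */
        if ((size_t)(end - p) > nlen && !strncmp(p, name, nlen) && p[nlen] == '=') {
            size_t vlen = (size_t)(end - p) - nlen - 1;
            if (vlen >= outlen) return 0;             /* oversized value: reject */
            memcpy(out, p + nlen + 1, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p = end;
    }
    return 0;
}

/* Compare without stopping at the first differing byte. */
static int ct_equal(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b);
    unsigned char diff = (unsigned char)(la != lb);
    for (size_t i = 0; i < la && i < lb; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Fragile: assumes the token cookie is the first pair in the header. */
static int check_first_cookie(const char *header, const char *expected) {
    const char *eq = strchr(header, '=');
    return eq && strlen(expected) == strcspn(eq + 1, ";")
              && !strncmp(eq + 1, expected, strlen(expected));
}

/* Order-independent: select the cookie by name, then compare. */
static int check_named_cookie(const char *header, const char *expected) {
    char value[128];
    return cookie_lookup(header, TOKEN_COOKIE, value, sizeof value)
        && ct_equal(value, expected);
}

int main(void) {
    /* Constructed header: another service's cookie precedes the token cookie. */
    const char *hdr = "session=abc; " TOKEN_COOKIE "=tok123";
    printf("first-cookie check: %d\n", check_first_cookie(hdr, "tok123"));
    printf("named-cookie check: %d\n", check_named_cookie(hdr, "tok123"));
}
```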

