At 12:26 PM 10/11/2013 -0700, Galen Charlton wrote:
On Thu, Oct 10, 2013 at 3:17 AM, Marcel de Rooy
<m.de.r...@rijksmuseum.nl> wrote:
I have been looking for these patches on Bugzilla, but I cannot find them.
[snip]
The patches lack a bug number because of a chicken-and-egg problem, as the
bug couldn't be posted before the patches and the release announcement were.
These patches have a nasty side-effect. If you use an older Koha version
and also current master on the same system for testing, the old Koha
version will stumble over this (shared) cookie:
[snip]
An alternative configuration which may better suit your needs is to use
name-based virtual hosts rather than port-based ones, which will perforce
ensure that the two versions don't share cookies.
[snip]
Considering that the security release was made at the end of July, was
targeted at supported *and* unsupported versions, and was heavily
publicized, there is already a fair amount of negative data
"Name based" v. "port based", "Nasty side effects" and "negative data"
raise flags with me. I've just looked up bug 10657 which either blind-sides
me with science or baffles me with bull. "Storable" and references to
"checked for JSON-correctness and is ignored" are meaningless without context.
If there really is a security aspect would someone please explain it?
OFF-LIST if need be.
Many thanks - Paul
_______________________________________________
Koha-devel mailing list
Koha-devel@lists.koha-community.org
http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
website : http://www.koha-community.org/
git : http://git.koha-community.org/
bugs : http://bugs.koha-community.org/