Hi,

authnotrequired is set to 1 because opac-memberentry.pl is also used by the self registration feature. The patron information displayed is based on the logged in user, not a parameter passed to the script.

Everything looks ok to me.

Regards,
Jonathan

On Wed, 15 Mar 2017 at 12:18 Devinim Koha Development Team <kohadevi...@devinim.com.tr> wrote:

> Hi all,
>
> In the opac-memberentry.pl authnotrequired area is 1 by default, in that
> case, user information can be reached without given a user authentication
>
> and this can lead to some vulnerabilities, do we miss something? We were not
> able to understand why it is 1 by default?
>
> Thanks.
> On 14-03-2017 11:33, Chris Cormack wrote:
>
> Hi,
>
> Normally once they are released the release maintainer shifts them out of
> security. That one got missed, shifted now
>
> Chris
>
> On 14 March 2017 9:13:51 PM NZDT, Devinim Koha Development Team
> <kohadevi...@devinim.com.tr> wrote:
>
> Hi all,
>
> How can we see the fixes of security bugs?
>
> We've faced with a vulnerability with Bug# 16969 in a new version, but
> it's said that it was fixed in 3.22.10.
>
>
> Thanks.
>
> Devinim Koha Dev. Team
>
> ------------------------------
>
> Koha-devel mailing list
> koha-de...@lists.koha-community.org
> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
> website : http://www.koha-community.org/
> git : http://git.koha-community.org/
> bugs : http://bugs.koha-community.org/
>
> --
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
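The design described in the reply above (a page that admits anonymous visitors for self registration, but selects the patron record from the session rather than from a request parameter), as a simplified Python model added here for illustration. It is not Koha code and not from any poster in this thread; every name in it (SESSIONS, PATRONS, resolve_user, member_entry, audit) is hypothetical and the sample records are constructed.

```python
# Simplified model of the pattern described in the reply; not Koha code.
# All names below (SESSIONS, PATRONS, resolve_user, member_entry, audit)
# are hypothetical, and the session and patron records are constructed.

SESSIONS = {"sess-alice": 101, "sess-bob": 102}   # session id -> borrowernumber
PATRONS = {
    101: {"surname": "Alice", "email": "alice@example.org"},
    102: {"surname": "Bob", "email": "bob@example.org"},
}


class AuthRequired(Exception):
    """Raised when a page that requires login is requested anonymously."""


def resolve_user(cookies, authnotrequired):
    """Return the borrowernumber bound to the session cookie, or None.

    With authnotrequired set, an anonymous request is allowed through
    (returns None) instead of being sent to the login page.
    """
    borrowernumber = SESSIONS.get(cookies.get("session_id"))
    if borrowernumber is None and not authnotrequired:
        raise AuthRequired("login required")
    return borrowernumber


def member_entry(cookies, params):
    """Model of a page shared by self registration and 'edit my details'."""
    borrowernumber = resolve_user(cookies, authnotrequired=True)
    if borrowernumber is None:
        # Anonymous visitor: blank self-registration form, no patron data.
        return {"action": "create", "patron": None}
    # Logged-in patron: the record is keyed on the session only.
    # params.get("borrowernumber") is deliberately never read, so a
    # client-supplied id cannot select another patron's record.
    return {"action": "edit", "patron": PATRONS[borrowernumber]}


def audit(handler):
    """Check that neither an anonymous nor a logged-in caller can read
    another patron's record by supplying a borrowernumber parameter."""
    anon = handler({}, {"borrowernumber": "102"})
    alice = handler({"session_id": "sess-alice"}, {"borrowernumber": "102"})
    return anon["patron"] is None and alice["patron"] == PATRONS[101]
```

The audit function is the check to repeat when reviewing any script that sets authnotrequired: request the page with and without a session while supplying another patron's id, and confirm the response never contains that patron's data.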