Hi,

In that case we can reach the user's detailed information without giving a password, using curl.

If you want, we can share the code showing how to get this information without authentication, on this list.


On 15-03-2017 18:50, Jonathan Druart wrote:
Hi,

authnotrequired is set to 1 because opac-memberentry.pl is also used by the self registration feature. The patron information displayed is based on the logged-in user, not a parameter passed to the script.

Everything looks ok to me.

Regards,
Jonathan

On Wed, 15 Mar 2017 at 12:18 Devinim Koha Development Team <kohadevi...@devinim.com.tr> wrote:

    Hi all,

    In opac-memberentry.pl, the authnotrequired value is 1 by default;
    in that case, user information can be reached without user
    authentication, and this can lead to some vulnerabilities. Are we
    missing something? We were not able to understand why it is 1 by
    default.

    Thanks.

    On 14-03-2017 11:33, Chris Cormack wrote:
    Hi,

    Normally once they are released the release maintainer shifts
    them out of security. That one got missed, shifted now

    Chris

    On 14 March 2017 9:13:51 PM NZDT, Devinim Koha Development Team
    <kohadevi...@devinim.com.tr> wrote:

        Hi all,

        How can we see the fixes of security bugs?

        We've been faced with the vulnerability in Bug# 16969 in a new version, but
        it's said that it was fixed in 3.22.10.


        Thanks.

        Devinim Koha Dev. Team

        ------------------------------------------------------------------------

        Koha-devel mailing list
        Koha-devel@lists.koha-community.org
        http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
        website : http://www.koha-community.org/
        git : http://git.koha-community.org/
        bugs : http://bugs.koha-community.org/

    -- Sent from my Android device with K-9 Mail. Please excuse my brevity.

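The point Jonathan makes in the thread above, that a script reachable with authnotrequired set to 1 is not by itself a disclosure as long as the patron it shows is resolved from the session and not from anything the client sends, modelled as a small Python sketch. This is an added example and not Koha's code: the session store, the patron table, the Request class and both handlers are constructed here for illustration, and the "leaky" handler is a contrast case, not a description of what opac-memberentry.pl does.

```python
"""Hypothetical model of an endpoint that is reachable without
authentication (the role authnotrequired => 1 plays in the thread) and
must therefore decide whose data to show from the session alone.
Added illustration; none of this is Koha code."""

from dataclasses import dataclass, field

# Constructed sample data: one active session and one patron record.
SESSIONS = {"sess-abc": 42}  # session id -> borrowernumber
PATRONS = {
    42: {"borrowernumber": 42, "surname": "Doe", "email": "doe@example.org"},
}


@dataclass
class Request:
    """Minimal stand-in for an HTTP request: cookies and query parameters."""
    cookies: dict = field(default_factory=dict)
    params: dict = field(default_factory=dict)


def current_patron(req):
    """Resolve the logged-in patron from the session cookie only.

    Returns None for an anonymous visitor; the request parameters are
    deliberately never consulted here.
    """
    sid = req.cookies.get("CGISESSID")
    borrowernumber = SESSIONS.get(sid)
    if borrowernumber is None:
        return None
    return PATRONS.get(borrowernumber)


def render(patron):
    """Anonymous -> blank self-registration form; logged in -> edit form."""
    if patron is None:
        return {"action": "self_register", "fields": {}}
    return {"action": "edit", "fields": dict(patron)}


def memberentry_safe(req):
    """The design described in the thread: identity comes from the session."""
    return render(current_patron(req))


def memberentry_leaky(req):
    """Constructed anti-pattern for contrast (not a claim about Koha):
    falls back to a client-supplied borrowernumber when there is no
    session, so an unauthenticated request can pick any patron."""
    patron = current_patron(req)
    if patron is None and "borrowernumber" in req.params:
        patron = PATRONS.get(int(req.params["borrowernumber"]))
    return render(patron)


if __name__ == "__main__":
    anon = Request(params={"borrowernumber": "42"})
    print("safe, anonymous :", memberentry_safe(anon))
    print("leaky, anonymous:", memberentry_leaky(anon))
```

The check a reviewer wants is the one the test below encodes: an anonymous request that names a borrowernumber must get the empty self-registration form from the safe handler, while the same request against the leaky handler returns another patron's record.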