Uh..., probably it is not so good to publish security issues on a public list. The official way is https://koha-community.org/security/ if I'm not wrong.

sb

> On 15 Mar 2017, at 16:57, Devinim Koha Development Team <kohadevi...@devinim.com.tr> wrote:
>
> Hi,
>
> In that case we can reach the user's detailed information without giving a password, by curl.
>
> If you want, we can share the code showing how to get this information without authentication, from this list.
>
> On 15-03-2017 18:50, Jonathan Druart wrote:
>> Hi,
>>
>> authnotrequired is set to 1 because opac-memberentry.pl is also used by the self registration feature.
>> The patron information displayed is based on the logged in user, not a parameter passed to the script.
>>
>> Everything looks ok to me.
>>
>> Regards,
>> Jonathan
>>
>> On Wed, 15 Mar 2017 at 12:18 Devinim Koha Development Team <kohadevi...@devinim.com.tr> wrote:
>> Hi all,
>>
>> In opac-memberentry.pl the authnotrequired area is 1 by default; in that case, user information can be reached without giving user authentication, and this can lead to some vulnerabilities. Are we missing something? We were not able to understand why it is 1 by default.
>>
>> Thanks.
>> On 14-03-2017 11:33, Chris Cormack wrote:
>>> Hi,
>>>
>>> Normally once they are released the release maintainer shifts them out of security. That one got missed, shifted now.
>>>
>>> Chris
>>>
>>> On 14 March 2017 9:13:51 PM NZDT, Devinim Koha Development Team <kohadevi...@devinim.com.tr> wrote:
>>> Hi all,
>>>
>>> How can we see the fixes of security bugs?
>>>
>>> We've been faced with a vulnerability with Bug# 16969 in a new version, but it's said that it was fixed in 3.22.10.
>>>
>>> Thanks.
>>>
>>> Devinim Koha Dev. Team
>>>
>>> Koha-devel mailing list
>>> Koha-devel@lists.koha-community.org
>>> http://lists.koha-community.org/cgi-bin/mailman/listinfo/koha-devel
>>> website : http://www.koha-community.org/
>>> git : http://git.koha-community.org/
>>> bugs : http://bugs.koha-community.org/
>>> --
>>> Sent from my Android device with K-9 Mail. Please excuse my brevity.