On Sun, Jun 24, 2012 at 06:33:31PM +0200, Stefan Husmann wrote:
> On 24.06.2012 16:55, Lukas Fleischer wrote:
> >Hi!
> >
> >I just wanted to let everybody know that I'm about to apply a patch to
> >our AUR setup that fixes some CSRF vulnerabilities. This will probably
> >break most (all?) AUR helpers (mis)using the AUR HTML interface. AUR
> >helpers that only make use of the RPC interface won't be affected.
> >
> >I recommend using the web interface until the affected programs are
> >fixed.
> When will this happen? Shouldn't it be announced on archlinux.org or language
> specific counterparts?
>
> Regards Stefan
>
It's already happened. Uploaders who don't cope with this will see an
error:

    Invalid token for user action.

Yes, it would have been nice to see a little more lead time on this but
honestly the change isn't really so severe.

d
