On Sun, Jun 24, 2012 at 06:47:09PM +0200, Stefan Husmann wrote: > Am 24.06.2012 18:39, schrieb Dave Reisner: > >On Sun, Jun 24, 2012 at 06:33:31PM +0200, Stefan Husmann wrote: > >>Am 24.06.2012 16:55, schrieb Lukas Fleischer: > >>>Hi! > >>> > >>>I just wanted to let everybody know that I'm about to apply a patch to > >>>our AUR setup that fixes some CSRF vulnerabilities. This will probably > >>>break most (all?) AUR helpers (mis)using the AUR HTML interface. AUR > >>>helpers, that only make use of the RPC interface, won't be affected. > >>> > >>>I recommend using the web interface until the affected programs are > >>>fixed. > >>When will this happen? Shouldn't it be announced on archlinux.org or > >>language specific counterparts? > >> > >>Regards Stefan > >> > >It's already happened. Uploaders who don't cope with this will see an > >error: > > > > Invalid token for user action. > > > >Yes, it would have been nice to see a little more lead time on this but > >honestly the change isn't really so severe. > > > >d > So I guess, burp's new version already reflects this? >
Yep. 1.6.9 sends the extra authentication token needed for this change.
