Dear all,

I have just released a new version of Dancer2::Plugin::Auth::Extensible.

This contains a number of changes to the return_url functionality (forwarding to a URL after login). In particular:

- It fixes a medium-level security vulnerability, whereby return_url could be used for Open URL Redirection attacks[1] with links such as /login?return_url=http://news.bbc.co.uk/

- It fixes a problem with apps mounted on paths where the path was included twice (GH 82 & 74)

I've tested fairly thoroughly and I don't think I've broken anything, but let me know if you experience any problems.

Regards,

Andy

[1] https://portswigger.net/kb/issues/00500100_open-redirection-reflected
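
One way to guard against the redirection described in the announcement above, shown as an added example that is not the plugin's own code or its actual fix: a hypothetical safe_return_url helper that accepts only local paths and otherwise falls back to a default. The function name, the fallback and every sample input except the BBC link from the announcement are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;

# Hypothetical helper (not part of Dancer2::Plugin::Auth::Extensible).
# Returns the value to redirect to after login: the supplied return_url
# if it is a plain local path, otherwise the fallback.
sub safe_return_url {
    my ($return_url, $fallback) = @_;
    $fallback //= '/';
    return $fallback unless defined $return_url && length $return_url;

    # Control characters (CR/LF in particular) have no place in a
    # redirect target and could split the Location header.
    return $fallback if $return_url =~ /[\x00-\x1f\x7f]/;

    # Must begin with exactly one "/". This rejects absolute URLs
    # ("http://..."), scheme-relative URLs ("//host/") and "/\host/",
    # which some browsers normalise to "//host/".
    return $fallback unless $return_url =~ m{\A/(?![/\\])};

    # A backslash in the path part is never needed for a local route.
    my ($path) = split /[?#]/, $return_url, 2;
    return $fallback if $path =~ /\\/;

    return $return_url;
}

# Constructed sample inputs; the first is the link from the announcement.
my @samples = (
    'http://news.bbc.co.uk/',
    '//news.bbc.co.uk/',
    '/\\news.bbc.co.uk/',
    "/ok\r\nX-Injected: 1",
    '/account/settings?tab=2',
);

for my $candidate (@samples) {
    # Make control characters visible in the printed report.
    (my $shown = $candidate) =~ s/([\x00-\x1f])/sprintf('\\x%02x', ord($1))/ge;
    printf "%-32s => %s\n", $shown, safe_return_url($candidate, '/');
}
```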