[jira] [Resolved] (JSPWIKI-1075) Add CSRF protection

Jira Fri, 05 Aug 2022 01:26:08 -0700


     [ 
https://issues.apache.org/jira/browse/JSPWIKI-1075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Juan Pablo Santos Rodríguez resolved JSPWIKI-1075.
--------------------------------------------------
    Fix Version/s: 2.11.3
       Resolution: Fixed

Was done as part of 2.11.3.

> Add CSRF protection
> -------------------
>
>                 Key: JSPWIKI-1075
>                 URL: https://issues.apache.org/jira/browse/JSPWIKI-1075
>             Project: JSPWiki
>          Issue Type: Bug
>            Reporter: Albrecht Striffler
>            Priority: Major
>             Fix For: 2.11.3
>
>
> As far as I can tell, JSPWIKI currently lacks protection agains Cross-Site 
> Request Forgery (CSRF). Are there plans (or previous work) to add for example 
> some additional session token to prevent CSRF?
> I'm willing to contribute here, but some general discussion about how and 
> where to implement this would be helpful. 
> More info about CSRF here: 
> [https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet]



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Resolved] (JSPWIKI-1075) Add CSRF protection

Reply via email to