Hi Shenavi,

We have issued a patch to prevent CSRF attacks in all the products based on carbon 4.2.0. Please apply the patch [1].

[1] WSO2-CARBON-PATCH-4.2.0-1464 - http://product-dist.wso2.com/downloads/carbon/4.2.0/WSO2-CARBON-PATCH-4.2.0-1464.zip?utm_source=pagedirect&utm_medium=product&utm_campaign=sp_page_4.2.0-1464

On Tue, Nov 29, 2016 at 9:57 PM, Shenavi de Mel <[email protected]> wrote:

> Hi All
>
> In an attempt to mitigate the CSRF attacks from jaggery apps using
> application server 5.2.1 it was recommended to use the CSRF attacks
> following the guide to Implement CSRF prevention based on OWASP CSRFGuard
> [1]. But it was mentioned that this is supported for products with kernel
> version 4.4.6 and after and also jaggery version should be 0.12.6.
>
> Are there any patches issued to prevent these attacks for jaggery apps
> using application server 5.2.1? Or what is the best approach to follow to
> avoid these attacks with the versions I am using? Your input on this would
> be highly appreciated.
>
> [1] https://docs.wso2.com/display/ADMIN44x/Mitigating+Cross+Site+Request+Forgery+Attacks
>
> Thanks and Regards
> Shenavi
>
> *Shenavi de Mel*
> Software Engineer
> WSO2 Inc: http://wso2.com
> email: [email protected]
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Prakhash Sivakumar
Software Engineer | WSO2 Inc
Platform Security Team
Mobile : +94771510080
Blog : https://medium.com/@PrakhashS
