[
https://jira.codehaus.org/browse/MRM-1529?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=280490#comment-280490
]
Olivier Lamy commented on MRM-1529:
-----------------------------------
euh OMMITW :-)
> CSRF checks are not working properly and cause operations to fail
> -----------------------------------------------------------------
>
> Key: MRM-1529
> URL: https://jira.codehaus.org/browse/MRM-1529
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 1.4-M1
> Reporter: Brett Porter
> Priority: Blocker
> Fix For: 1.4-M1
>
>
> It seems the upgrade of Struts caused a problem with the token check.
> I tried to grant the guest user "manager" permission on a repository, and it
> always fails a CSRF check, where it does not on 1.3.5.
> I also tried to remove a permission from a repository and had the same
> problem. I had not visited other Archiva pages in the mean time.
> All pages using token may need to be reviewed.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
