[jira] [Commented] (OFBIZ-10427) Add a mean to handle CSRF (CVE-2019-0235)

Jacques Le Roux (Jira) Sat, 14 Sep 2019 02:53:37 -0700


    [ 
https://issues.apache.org/jira/browse/OFBIZ-10427?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16929737#comment-16929737
 ]


Jacques Le Roux commented on OFBIZ-10427:
-----------------------------------------

(flag)
As long as this issue is not fixed, I recommend all users with any version to 
use
https://www.owasp.org/index.php/CSRFProtector_Project#tab=Apache_Module


> Add a mean to handle CSRF (CVE-2019-0235)
> -----------------------------------------
>
>                 Key: OFBIZ-10427
>                 URL: https://issues.apache.org/jira/browse/OFBIZ-10427
>             Project: OFBiz
>          Issue Type: Sub-task
>          Components: framework
>    Affects Versions: Trunk
>            Reporter: Jacques Le Roux
>            Assignee: Jacques Le Roux
>            Priority: Minor
>         Attachments: webtools_web.xml.patch
>
>
> I already worked on that in OFBiz but without success so far: 
> https://markmail.org/message/r245yie623cdo3wz)
> The tracks I explored are:
> * https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project (really 
> not simple in OFBiz)
> * 
> https://tomcat.apache.org/tomcat-8.5-doc/config/filter.html#CSRF_Prevention_Filter/Introduction
>  (I think preferred)



--
This message was sent by Atlassian Jira
(v8.3.2#803003)

[jira] [Commented] (OFBIZ-10427) Add a mean to handle CSRF (CVE-2019-0235)

Reply via email to