One of our apps just underwent a security scan, and they complained about
Cross-Site Request Forgery (CSRF) vulnerability.  Yet, i went to google and
found this:

Which seems to say that CSRF was fixed in 1.4 of Wicket.  We're mostly on
1.6.  Is there something we have to do to "turn on" Wicket's CSRF token?  

Sent from:

To unsubscribe, e-mail:
For additional commands, e-mail:

Reply via email to