[horde] [SECURITY] Horde Groupware Webmail Edition 5.2.11 (final)
Michael J Rubinsky
mrubinsk at horde.org
Mon Nov 2 15:01:28 UTC 2015
Quoting Philip Frei <pjf at gmx.de>:
> On Wed, 21 Oct 2015 23:43:34 -0400
> Michael J Rubinsky <mrubinsk at horde.org> wrote:
>> SECURITY: Protect against CSRF attacks on various admin pages.
> Thanks for the updated version and your great work on Horde!
> Unfortunately there isn't an obvious commit log related to this point on
> Github which makes it a bit harder to backport such changes for distros
> like Debian.
> Is this the relevant commit?
> It would be nice for the future to reference security fixes in the
> commit log.
> regards, Philip
Yes, that is the commit.
With "normal" bugs, we reference the public bug tracker ticket number
in the change log, which normally shows the commits. For security
issues, we don't make it obvious that it's a security issue being
fixed when committing since this is publicly viewable before the
release goes out, which leaves existing installations more vulnerable.
If there is an available CVE number, we do post that in the CHANGES
The Horde Project