ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you setup new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.

« Previous | Next » 

Revision 2d240fc3

ID: 2d240fc34121252fe87b216b025ee1a671e7239a
Added by Holger Just at 2011-11-30 09:26 pm

[#709] Fix cache poisoning vector if credential caching is enabled.

The cache did not distinguish between cached credentials for read and write
access. As it does not check permissions again if there is a cache hit, users
with authorization for either reading or writing could poison the cache and
subsequently authorize themselves for both access types.

Original fix is by Jean-Philippe Lang, http://www.redmine.org/issues/9567