ChiliProject is not maintained anymore. Please be advised that there will be no more updates.

We do not recommend that you set up new ChiliProject instances and we urge all existing users to migrate their data to a maintained system, e.g. Redmine. We will provide a migration script later. In the meantime, you can use the instructions by Christian Daehn.


Revision 5e171001

ID: 5e171001bc3a1f623b0bfa9e3cc5c4f37ccbedf2
Added by Holger Just at 2011-11-30 08:29 pm

[#709] Fix cache poisoning vector if credential caching is enabled.

The cache did not distinguish between cached credentials for read and write
access. As it does not check permissions again if there is a cache hit, users
with authorization for either reading or writing could poison the cache and
subsequently authorize themselves for both access types.

Original fix is by Jean-Philippe Lang, http://www.redmine.org/issues/9567
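
The flaw described in the commit message, modelled as an added Ruby example that is not ChiliProject's or Redmine's code: a hypothetical `CachingAuthorizer` whose cache key either omits or includes the access type. The user, password, project name and all class and method names are constructed for illustration.

```ruby
require 'digest'

# Constructed sample data: alice may only read the 'demo' repository.
PASSWORDS   = { 'alice' => 'a-secret' }.freeze
PERMISSIONS = { %w[alice demo] => [:read] }.freeze

# Hypothetical authorizer with a credential cache (illustrative names).
class CachingAuthorizer
  attr_reader :backend_checks

  def initialize(key_includes_access:)
    @key_includes_access = key_includes_access
    @cache = {}
    @backend_checks = 0
  end

  def authorized?(user, password, project, access)
    key = cache_key(user, password, project, access)
    return true if @cache[key] # cache hit: permissions are not checked again
    return false unless full_check(user, password, project, access)

    @cache[key] = true
  end

  private

  def cache_key(user, password, project, access)
    key = [user, Digest::SHA256.hexdigest(password), project]
    key << access if @key_includes_access # separate entries per access type
    key
  end

  # Stand-in for the expensive credential and permission lookup.
  def full_check(user, password, project, access)
    @backend_checks += 1
    PASSWORDS[user] == password &&
      PERMISSIONS.fetch([user, project], []).include?(access)
  end
end

# Read first (allowed, fills the cache), then ask for write access.
def write_after_read(authorizer)
  authorizer.authorized?('alice', 'a-secret', 'demo', :read)
  authorizer.authorized?('alice', 'a-secret', 'demo', :write)
end

puts "access type not in key: write granted = #{write_after_read(CachingAuthorizer.new(key_includes_access: false))}"
puts "access type in key:     write granted = #{write_after_read(CachingAuthorizer.new(key_includes_access: true))}"
```

With the access type left out of the key, the entry created by the permitted read also answers the write request, and `backend_checks` stays at 1 because the second request never reaches the permission lookup.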