[Rt-commit] rt annotated tag, rt-4.0.6rc2, created. rt-4.0.6rc2
Alex Vandiver
alexmv at bestpractical.com
Tue May 22 12:16:16 EDT 2012
The annotated tag, rt-4.0.6rc2 has been created
at 0794de5c00009258427e4874bbe3eadd5dd0f598 (tag)
tagging b770e5f8abc6418ca8cb8e592287af535bd72249 (commit)
replaces rt-4.0.6rc1
tagged by Alex Vandiver
on Fri May 4 17:09:31 2012 -0400
- Log -----------------------------------------------------------------
release 4.0.6rc2
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iEYEABECAAYFAk+7abEACgkQMflWJZZAbqAUewCfR1ZobRm/+vg2l8XEseQPN2e6
95IAmwVuIKtHiE3yhMQnABZ5XY7iePAG
=EQQG
-----END PGP SIGNATURE-----
Alex Vandiver (11):
Allow the homepage refresh argument as an idempotent query parameter
Abstract out creation of request tokens which bypass CSRF
Rename LogoutURL to the more general-use RefreshURL
Add a global argument which contains the decoded $m->request_args
Override $DECODED_ARGS with the (decoded) arguments from the CSRF token
Merge branch 'security/4.0/interstitial-path' into 4.0.6-releng
Clean up the error message in a common case of no explicit whitelisted hosts
Set the refresh URL on ticket results to a CRSF-safe one
Merge branch 'security/4.0/refresh-csrf' into 4.0.6-releng
Merge branch 'security/4.0/csrf-menuing' into 4.0.6-releng
Merge branch 'security/4.0/whitelist-csrf-referrer' into 4.0.6-releng
Jim Brandt (1):
Add WebPath to link created on CSRF interstitial page.
Kevin Falcone (4):
Fix a simple typo
Switch to our so that extensions can whitelist components
Add a new ReferrerWhitelist config option
Document how to pull from the error into the config
-----------------------------------------------------------------------
More information about the Rt-commit
mailing list