Two CSRF fixes have been made recently. They are not super critical, but anyone using Allura should consider upgrading to latest from git. We should make a release of Allura soon too which would include these.
https://forge-allura.apache.org/p/allura/tickets/7685/ https://forge-allura.apache.org/p/allura/tickets/7942/ If anyone is interested in a formal security list for disclosing issues like this, please let us know. -- Dave Brondsema : [email protected] http://www.brondsema.net : personal http://www.splike.com : programming <><
