[shib_auth] DRUPAL-SA-CONTRIB-2015-028
Kristof Bajnok
bajnokk at niif.hu
Thu Jan 22 18:23:55 CET 2015
On 2015-01-22 16:03, Partyka, Jason A. wrote:
> This morning I saw that DRUPAL-SA-CONTRIB-2015-028 was issued about a
> CSRF attack that involves the shib_auth module. I've been attempting
> to learn about this issue by going through the changelog to determine
> when this fix was made, but the last commit was made on November 7,
> 2014. So I'm a bit perplexed as to when this was actually fixed. The
> changelog seems to suggest that this issue was fixed somewhere in the
> dev branches, but a release was never made. Or am I looking in the
> wrong place?
Oh, by mistake I forgot to commit to the -dev branches. Big thanks for
pointing this out!
Kristof
More information about the shib_auth
mailing list