Actions
Defect #10390
closedMass assignment security vulnerability
Start date:
Due date:
% Done:
0%
Estimated time:
Resolution:
Fixed
Affected version:
Description
There are many security vulnerabilities in Redmine. Some are not dangerous (such as setting created_on and updated_on fields). Some are (posting news to the project you're not allowed to).
Updated by John Yani almost 13 years ago
Updated by Jean-Philippe Lang almost 13 years ago
All actions for non-admin users should now be fixed.
Updated by Jean-Philippe Lang almost 13 years ago
- Category set to Code cleanup/refactoring
- Status changed from New to Closed
- Target version set to 1.3.2
- Resolution set to Fixed
Please next time submit security issues to security at redmine dot org as requested on SubmittingBugs.
Actions