security update in Fedora EPEL 6 for mrbs

Status: stable 2 years ago

Changes since MRBS 1.6.1:

  • Fixed a number of security issues in MRBS that were disclosed to the project by SySS GmbH, including XSS, CSRF protection and session fixation.
  • Improved behaviour of browser caching in MRBS.
  • Improved localisation, especially the use of colons in labels.
  • Added new config variable $weekdays to define weekdays and weekends, allowing for the possibility that weekdays are not the same as working days.
  • MRBS now restricts form actions which modify data/pass passwords to only accept POSTs.
  • Added the ability to have different period names in each area.
  • Add SAML auth and session schemes, thanks to Jørn Åne.
  • Updated to jQuery 3.2.1 and jQueryUI 1.12.1, which includes XSS fixes.
  • Plus a few other bug fixes/improvements.
  • Dropped support for Internet Explorer 9 and lower.

Comments 6

This update has been submitted for testing by xavierb.

This update has been pushed to testing.

This update has reached 14 days in testing and can be pushed to stable now if the maintainer wishes

This update has been submitted for batched by xavierb.

This update has been submitted for stable by bodhi.

This update has been pushed to stable.

Add Comment & Feedback

Please login to add feedback.

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
Autopush (karma)
Autopush (time)
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 1

00 #1514285 mrbs-1.7.0 is available

Automated Test Results