13 Dec
2021
13 Dec
'21
7:10 p.m.
** Description changed:
The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. + + There is also a potential NameError exception in logging a mismatch.
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1954694
Title:
CSRF check for user tokens should not be case sensitive.
To manage notifications about this bug go to:
https://bugs.launchpad.net/mailman/+bug/1954694/+subscriptions