Dec. 13, 2021
6:10 p.m.
** Description changed: The fix for CVE-2021-42097 requires that the user submitting a user options form match the user in the CSRF token submitted with the form, but the match is case sensitive and should not be. + + There is also a potential NameError exception in logging a mismatch. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1954694 Title: CSRF check for user tokens should not be case sensitive. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1954694/+subscriptions