All installations of drupalauth using the drupalauth:External authsource, prior to version 1.2.2, are vulnerable to an attack involving manipulation of a cookie, which could lead to user impersonation. This defect was identified and reported by Alan Barrett (thanks Alan). Modifications have been made to resolve this defect. Version 1.2.2 is now available for download.
Changes in this release are focused on this defect; as a result, the only files modified are:
- drupal_module/drupalauth4ssp/drupalauth4ssp.module
- lib/Auth/Source/External.php
Upgrading is as simple as replacing these two files.
-S2
--
Steve Moitozo II