[idempiere/idempiere] 525531: IDEMPIERE-6809 Session Fixation Vulnerability in i...
0 views
Skip to first unread message
Carlos Ruiz
Jan 31, 2026, 1:18:30 PM (10 days ago) Jan 31
to idempi...@googlegroups.com
Branch: refs/heads/master
Home: https://github.com/idempiere/idempiere
Commit: 525531098c7013148fa4e2aec736ddb37de25768
https://github.com/idempiere/idempiere/commit/525531098c7013148fa4e2aec736ddb37de25768
Author: Carlos Ruiz <car...@gmail.com>
Date: 2026-01-31 (Sat, 31 Jan 2026)
Changed paths:
M org.adempiere.base/src/org/compiere/model/MSysConfig.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/AdempiereWebUI.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/panel/ValidateMFAPanel.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/util/FeedbackManager.java
M org.idempiere.webservices/WEB-INF/src/org/idempiere/adinterface/CompiereService.java
M org.idempiere.webservices/WEB-INF/src/org/idempiere/webservices/AbstractService.java
Log Message:
-----------
IDEMPIERE-6809 Session Fixation Vulnerability in iDempiere WebUI (#3081)
- adding SysConfig ZK_SESSION_SAVE_JSESSIONID and ZK_SESSION_SAVE_USER_AGENT to avoid saving sensitive security information
To unsubscribe from these emails, change your notification settings at https://github.com/idempiere/idempiere/settings/notifications
Home: https://github.com/idempiere/idempiere
Commit: 525531098c7013148fa4e2aec736ddb37de25768
https://github.com/idempiere/idempiere/commit/525531098c7013148fa4e2aec736ddb37de25768
Author: Carlos Ruiz <car...@gmail.com>
Date: 2026-01-31 (Sat, 31 Jan 2026)
Changed paths:
M org.adempiere.base/src/org/compiere/model/MSysConfig.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/AdempiereWebUI.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/panel/ValidateMFAPanel.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/util/FeedbackManager.java
M org.idempiere.webservices/WEB-INF/src/org/idempiere/adinterface/CompiereService.java
M org.idempiere.webservices/WEB-INF/src/org/idempiere/webservices/AbstractService.java
Log Message:
-----------
IDEMPIERE-6809 Session Fixation Vulnerability in iDempiere WebUI (#3081)
- adding SysConfig ZK_SESSION_SAVE_JSESSIONID and ZK_SESSION_SAVE_USER_AGENT to avoid saving sensitive security information
To unsubscribe from these emails, change your notification settings at https://github.com/idempiere/idempiere/settings/notifications
Reply all
Reply to author
Forward
0 new messages