[idempiere/idempiere] afdd81: IDEMPIERE-6809 Session Fixation Vulnerability in i...


Carlos Ruiz

Feb 7, 2026, 7:06:32 AM
to idempi...@googlegroups.com
Branch: refs/heads/master
Home: https://github.com/idempiere/idempiere
Commit: afdd813bbda45d121ce9541f2e7a99b8e15535a0
https://github.com/idempiere/idempiere/commit/afdd813bbda45d121ce9541f2e7a99b8e15535a0
Author: Carlos Ruiz <car...@gmail.com>
Date: 2026-02-07 (Sat, 07 Feb 2026)

Changed paths:
A migration/iD12/oracle/202601312233_IDEMPIERE-6809.sql
A migration/iD12/postgresql/202601312233_IDEMPIERE-6809.sql
M org.adempiere.base/src/org/compiere/model/MSysConfig.java
A org.adempiere.ui.zk/OSGI-INF/fingerprintcomponentacceptlanguage.xml
A org.adempiere.ui.zk/OSGI-INF/fingerprintcomponentipaddress.xml
A org.adempiere.ui.zk/OSGI-INF/fingerprintcomponentuseragent.xml
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/SessionFingerprintFilter.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/AcceptLanguageFingerprintComponent.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/FingerprintValidationResult.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/IPAddressFingerprintComponent.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/ISessionFingerprintComponent.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/SessionFingerprintManager.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/UserAgentFingerprintComponent.java
A org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/session/fingerprint/package-info.java
M org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/window/LoginWindow.java
M org.adempiere.ui.zk/WEB-INF/web.xml
M org.adempiere.ui.zk/build.properties

Log Message:
-----------
IDEMPIERE-6809 Session Fixation Vulnerability in iDempiere WebUI (#3082)

* IDEMPIERE-6809 Session Fixation Vulnerability in iDempiere WebUI

* - implement fixes suggested by coderabbitai

* - add severe log also when terminating the session

* - make the System Issue Report window advanced, it can contain sensitive information in the logs

* - fix NPE


