-
Bug
-
Resolution: Fixed
-
Medium
-
2.7
-
None
-
6.8
-
As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use.
We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper functionality.
When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in our JSPs.
[CONFSERVER-22707] Admin JSPs don't have XSRF protection
Link | New: This issue details CONFSERVER-25262 [ CONFSERVER-25262 ] |
Link | New: This issue details CONFSERVER-25263 [ CONFSERVER-25263 ] |
Link | New: This issue details CONFSERVER-25264 [ CONFSERVER-25264 ] |
Link | New: This issue details CONFSERVER-25266 [ CONFSERVER-25266 ] |
Link | New: This issue details CONFSERVER-25267 [ CONFSERVER-25267 ] |
Link | New: This issue details CONFSERVER-25269 [ CONFSERVER-25269 ] |
Link | New: This issue details CONFSERVER-25270 [ CONFSERVER-25270 ] |
Link | New: This issue details CONFSERVER-25271 [ CONFSERVER-25271 ] |
Link | New: This issue details CONFSERVER-25272 [ CONFSERVER-25272 ] |
Workflow | Original: JAC Bug Workflow v3 [ 2889896 ] | New: CONFSERVER Bug Workflow v4 [ 2982259 ] |