Search tickets: labels:"security"

Showing results of 31

| # | Summary | Status | Owner | Labels | Reviewer | Votes |
|---|---------|--------|-------|--------|----------|-------|
| 8534 | set up github codeql | closed | Dave Brondsema | security | | 0 |
| 8526 | improve session cookie handling NEEDS CONFIG CHANGES | closed | Dave Brondsema | security | | 0 |
| 8335 | Generic search doesn't do permission checks | closed | Dave Brondsema | security | | 0 |
| 8255 | Escape html on wiki & blog diff views | closed | Dave Brondsema | security | Kenton Taylor | 0 |
| 8190 | HTTP response splitting vulnerability on return_to param CVE-2018-1319 | closed | Dave Brondsema | security | Kenton Taylor | 0 |
| 8180 | StaticFilesMiddleware allows directory traversal | closed | Dave Brondsema | security | | 0 |
| 8153 | Stronger no-cache headers | closed | Dave Brondsema | security | | 0 |
| 8140 | After password change, change current session id | closed | Dave Brondsema | security | | 0 |
| 8127 | Fix how we write the .google_authenticator file | closed | Dave Brondsema | security | | 0 |
| 8126 | Rate limiting for two-factor auth | closed | Dave Brondsema | security | | 0 |
| 8125 | Require password when confirming new email address | closed | Dave Brondsema | security | | 0 |
| 8121 | Show security / audit log to users | open | | security | | 1 |
| 8119 | U2F for multifactor auth | open | | security | | 0 |
| 8118 | 2FA recovery codes | closed | Dave Brondsema | security | | 0 |
| 8117 | Implement core 2FA | closed | Dave Brondsema | security | | 0 |
| 8011 | Served SVG images can execute JS | closed | Dave Brondsema | security, sf-2 | Heith Seewald | 0 |
| 7947 | XSS vulnerability in link rewriting | closed | Dave Brondsema | security, sf-2 | Heith Seewald | 0 |
| 7942 | In project admin - user permissions, removing a custom group needs to use POST | closed | Dave Brondsema | security, sf-1 | Heith Seewald | 0 |
| 7893 | CSRF checks don't work on login | closed | Dave Brondsema | security, sf-2 | Igor Bondarenko | 0 |
| 7799 | Changing password should invalidate other sessions | closed | Dave Brondsema | security | Igor Bondarenko | 0 |
| 7786 | Invalidate pwd reset tokens after email change | closed | Heith Seewald | security, sf-2 | Dave Brondsema | 0 |
| 7545 | return_to param should be validated for relative URLs | closed | Cory Johns | security, sf-1 | Dave Brondsema | 0 |
(Page 1 of 2)