<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Hi Filip,</p>
<p>I think the release note is related to</p>
<p><a class="moz-txt-link-freetext" href="https://github.com/alkacon/opencms-core/commit/bea871a767a7c4c7edc34004a17710121df60cd7">https://github.com/alkacon/opencms-core/commit/bea871a767a7c4c7edc34004a17710121df60cd7</a></p>
<p>Best, Daniel.<br>
</p>
<div class="moz-cite-prefix">On 17.06.19 at 10:58,
<a class="moz-txt-link-abbreviated" href="mailto:Filip.Kratochvil@ibacz.eu">Filip.Kratochvil@ibacz.eu</a> wrote:<br>
</div>
<blockquote type="cite"
cite="mid:OF7BF6AE46.74A9AAAB-ONC125841C.0031567E-C125841C.003157CE@ibacz.eu">
<font size="2" face="Default Sans
Serif,Verdana,Arial,Helvetica,sans-serif">
<div>Hi guys,</div>
<div><br>
</div>
<div>I have a question about a CSRF security issue in older
OpenCms versions.</div>
<div><br>
</div>
<div>According to the release notes for OpenCms 10.5.4, I think that
problem should be resolved:</div>
<div><a
href="http://www.opencms.org/en/news/180517-opencms-v1054.html"
moz-do-not-send="true">http://www.opencms.org/en/news/180517-opencms-v1054.html</a></div>
<div><br>
</div>
<div>"Improved security by using a client id token to prevent
session hijacking."</div>
<div><br>
</div>
<div>I have to know in detail how it is resolved (I need to
approve it). I checked headers/cookies in administration
(during manipulation with user groups) and I don't see any
unique token/id which is sent to the server.</div>
<div><br>
</div>
<div>Can someone explain how it works please (you can send me a
link to the GitHub commits in OpenCms 10.5.4 - we can compare
it with OpenCms 10.5.3.)?</div>
<div><br>
</div>
<div>I know that old-styled workplace was removed in OpenCms 11,
but we have to check all options... Thank you in advance.</div>
<div><br>
Kind regards<br>
<br>
Filip Kratochvil<br>
Web &amp; Portal Consultant<br>
<br>
IBA CZ, s.r.o.<br>
Office: Radlická 751/113e, 158 00 Praha, CZ<br>
Phone: +420 777 366 998<br>
E-mail: <a href="mailto:filip.kratochvil@ibacz.eu"
moz-do-not-send="true">filip.kratochvil@ibacz.eu</a></div>
</font>
</blockquote>
<pre class="moz-signature" cols="72">--
Kind Regards,
Daniel.
-------------------
Daniel Seidel
Alkacon Software GmbH &amp; Co. KG - The OpenCms Experts
<a class="moz-txt-link-freetext" href="http://www.alkacon.com">http://www.alkacon.com</a> - <a class="moz-txt-link-freetext" href="http://www.opencms.org">http://www.opencms.org</a> </pre>
</body>
</html>