...
Date fixed | Affects versions | Patched for versions | Jira | Description and patch |
---|---|---|---|---|
20-Aug-2018 | 2.3 ui patch 44 | Patch for 2.3.0 | GRP-1875 | subject audits should only be seen by grouper admins |
20-Aug-2018 | 2.3 api patch 109 | Patch for 2.3.0 | GRP-1876 | flash cache in groups can allow subjects to view (not read) objects with quick subsequent requests |
20-Jul-2018 | 2.2 and 2.3 | Patch for 2.2.2 and 2.3.0 | GRP-1838 | xsrf problem with /UiV2Public.index |
29-Nov-2015 | 1.4-2.2.2 | Patch for 2.2.2 | GRP-1227 | security issue with subject api init params |
18-Nov-2015 | 2.2.0, 2.2.1, 2.2.2 | Patch for 2.2.2 | GRP-1222 | |
14-Sep-2013 | 2.1.5 and before | | | Grouper UI is susceptible to CSRF / XSRF Cross site request forgery |
16-Aug-2013 | 1.4, 1.5, 1.6, 2.0, 2.1 (build 0,1,2,3,4) | 1.4.2, 1.5.3, 1.6.3, 2.0.3, 2.1.4 | | Grouper UI allows unauthorized users to view the privileges of other subjects |
2-Aug-2013 | 1.6, 2.0, 2.1 (build 0,1,2,3) | 1.6.3, 2.0.3, 2.1.3 | | Deleting an attributeDef can cause incorrect membership deletes |
1-Aug-2013 | 1.6, 2.0, 2.1 (build 0,1,2,3,4) | 1.6.3, 2.0.3, 2.1.4 | | |
28-Jul-2013 | 1.4, 1.5, 1.6, 2.0, 2.1 (build 0,1,2,3,4) | 1.4.2, 1.5.3, 1.6.3, 2.0.3, 2.1.4 | | WS getGrouperPrivilegesLite can return more data than the user should be able to see |
22-Dec-2010 | 1.5 (build 0,1,2,3), 1.6 (build 0,1,2) | 1.5.3, 1.6.2 | | A bug in the Grouper UI allows unauthorized users to view user audit logs by URL manipulation |
...