You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 24 Next »


Wiki Home

Grouper Release Announcements

Grouper Guides

Grouper Deployment Guide

Community Contributions

Internal Developer Resources


 Grouper Security Patches

Date fixed

Affects versions

Patched for versions

Jira

Description and patch

14-Sep-2013

2.1.5 and before

 

GRP-934

Grouper UI is susceptible to CSRF / XSRF Cross site request forgery

16-Aug-2013

1.41.51.62.02.1 (build 0,1,2,3,4)

1.4.21.5.31.6.32.0.32.1.4

GRP-928

Grouper UI allows unauthorized users to view the privileges of other subjects

2-Aug-2013

1.62.02.1 (build 0,1,2,3)

1.6.32.0.32.1.3

GRP-880

Deleting an attributeDef can cause incorrect membership deletes

1-Aug-2013

1.6, 2.0, 2.1 (build 0,1,2,3,4)

1.6.3, 2.0.3, 2.1.4

GRP-911 and GRP-924

Unauthorized users can delete attribute assignments

28-Jul-2013

1.41.51.62.02.1 (build 0,1,2,3,4)

1.4.21.5.31.6.32.0.32.1.4

GRP-923

WS getGrouperPrivilegesLite can return more data than the user should be able to see

22-Dec-2010

1.5 (build 0,1,2,3), 1.6 (build 0,1,2)

1.5.3, 1.6.2

GRP-519

A bug in the Grouper UI allows unauthorized users to view user audit logs by URL manipulation


Error rendering macro 'children'

null

See Also

Grouper Versioning and Support Policy for earlier Grouper releases.

  • No labels