Grouper Security Patches
Date fixed |
Affects versions |
Patched for versions |
Jira |
Description and patch |
---|---|---|---|---|
14-Sep-2013 |
2.1.5 and before |
|
Grouper UI is susceptible to CSRF / XSRF Cross site request forgery |
|
16-Aug-2013 |
1.4, 1.5, 1.6, 2.0, 2.1 (build 0,1,2,3,4) |
1.4.2, 1.5.3, 1.6.3, 2.0.3, 2.1.4 |
Grouper UI allows unauthorized users to view the privileges of other subjects |
|
2-Aug-2013 |
1.6, 2.0, 2.1 (build 0,1,2,3) |
1.6.3, 2.0.3, 2.1.3 |
Deleting an attributeDef can cause incorrect membership deletes |
|
1-Aug-2013 |
1.6, 2.0, 2.1 (build 0,1,2,3,4) |
1.6.3, 2.0.3, 2.1.4 |
||
28-Jul-2013 |
1.4, 1.5, 1.6, 2.0, 2.1 (build 0,1,2,3,4) |
1.4.2, 1.5.3, 1.6.3, 2.0.3, 2.1.4 |
WS getGrouperPrivilegesLite can return more data than the user should be able to see |
|
22-Dec-2010 |
1.5 (build 0,1,2,3), 1.6 (build 0,1,2) |
1.5.3, 1.6.2 |
A bug in the Grouper UI allows unauthorized users to view user audit logs by URL manipulation |
See Also
Grouper Versioning and Support Policy for earlier Grouper releases.