Oliver Welter
When a user opens multiple pages in the browser and the session is renewed in one of them, the XSS token is changed. Pages in other tabs cause an "invalid...
The workflow UI does not check if values submitted for e.g. select boxes or static/hidden fields are valid. An attacker can easily forge a request and "inject" unexpected data if...
When the workflow result list is enriched with attributes or uses template rendering, one or more calls are made for each item in the result list which leads to a...
When setting the log level to TRACE in the Webui you see a lot of large blocks from the session handler which makes the logs very clumsy. This should...
Using the page=redirect! syntax accepts external URL paths which can be used to redirect users to external sites using an internal link.
If a workflow has multiple buttons, they start to wrap at the end of the line which often leads to separation of logical groups of buttons. The second line is...
e.g. get_cert_identifier fails when the passed PEM block contains \r
The issueCertificate/issueCRL methods support the "pause on error" logic but there are several errors that are unrecoverable and therefore should not go into pause.
The option to override the certificates validity for the aliases can lead to the situation that the chain certificates for the "current" signer are not considered "active" which leads to...
The loader in O::Config::Backend fails with a YAML error but error message is given