Downloads

Download tar.gz 42.13 KB
MD5: 2667c3e0c384fd3cb4a5ef0525d0578e
SHA-1: 5de406c87d21230436a19c0498fc9fa15d0c340d
SHA-256: 5bc0fa96ff395d0b6832995a5b3abdaae168b95d7c3dcdc28883b31a62ee5e48
Download zip 51.81 KB
MD5: d6679b63dd656ca314b530d8d83bf921
SHA-1: 06f7328bd25326347e802682bd9ace5a3dde05a7
SHA-256: ef3b8862f9df4defb8fb6212a1e4e84cebf72a9478216d4a9e54417b62523ca5

Release notes

This release fixes:
* The LDAP integration module does not implement a confirmation page for LDAP server activation/deactivation, which could allow a CSRF attack.
* A user-defined server name is not properly escaped on the administration pages, which might lead to XSS attacks.
* The user's LDAP data is not properly access-controlled before being displayed on the user profile pages, which allows unauthorized viewing of the data.
* Some user management access rules are ignored during the authentication process.

Created by: miglius
Created on: 27 Oct 2009 at 14:37 UTC
Last updated: 28 Oct 2009 at 20:58 UTC
Security update
Unsupported
