Download Size md5 hash
ldap_integration-5.x-1.5.tar.gz 30.26 KB 541ca5559f6c5c406c356a5f082dc489
ldap_integration-5.x-1.5.zip 36.92 KB 501767056ec9df548b0ca99e8e21920b
Official release from tag: 5.x-1.5
Last updated: December 24, 2010 - 23:16

This release fixes:
* The LDAP integration module does not implement a confirmation pages for the LDAP server activation/deactivation which could cause a CSRF attack.
* A user defined server name is not properly escaped on the administration pages which might lead to a XSS attacks.
* The user's LDAP data is not properly access controlled before displaying it in the user profile pages which allows unauthorized view of the data.
* Some user management access rules are ignored during the authentication process.