This is a security release that can't wait any longer.
Affected: all versions
Github Flyspray dev versions between 1.0 alphax and 1.0-beta:
- an accidently introduced bug lead to the possiblity of getting flyspray admin, detected by flyspray devs.
All versions before 1.0 alphax:
- now HttpOnly cookies and secure cookies (for servers with a valid ssl cert)
- Anti-CSRF system implemented
Both make it harder to takeover a user session or trick an authenticated flyspray user to execute damaging actions in Flyspray. (like deleting himself for instance ;-))
- 1300 commits in 2015 mainly targeting completing existing features and bug fixes.
Wanted
Peoples testing this version and giving detailed feedback on bugs.flyspray.org.
peterdd