Log Message: |
JCR-4009: CSRF in Jackrabbit-Webdav (ported to 2.4) (CVE-2016-6801)
CSRFUtil: properly parse content types (handle params, normalize, handle case differences also multiple field instances), handle missing content type header field, handle partial-URI in referer, DEBUG logging
WebDAV servlet: disable bogus POST support
Davex: include Referer header field in POST requests used for davex remoting
|