[pmg-devel] [PATCH pmg-api 0/2] use hmac_sha_256 for csrf token

Stoiko Ivanov s.ivanov at proxmox.com
Fri Aug 16 16:02:21 CEST 2019

This patch-series initially was sent out by Oguz [0] and discussed in [1].

I tried to wrap my head around it and test it some (see commit messag of 2/2)

After applying this (also to a future stable-5 branch we could consider also
releasing libpve-common-perl 5.0-54 for PMG (it's currently on 5.0-52, and I
assume it's due to this missing link).

My tests were done on a PMG 5.2 with 5.0-54.

[0] https://pve.proxmox.com/pipermail/pmg-devel/2019-June/000447.html
[1] https://pve.proxmox.com/pipermail/pmg-devel/2019-July/000460.html

Stoiko Ivanov (2):
  use hmac_sha_256 for csrf token
  improve csrf backward compatibility

 src/PMG/Ticket.pm | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)


More information about the pmg-devel mailing list