View Issue Details

IDProjectCategoryView StatusLast Update
0021908mantisbtsecuritypublic2017-10-08 23:55
ReporteratrolAssigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version 
Target Version2.8.0Fixed in Version 
Summary0021908: Weakened security headers in 2.0.x
Description

2.0.x comes with http_csp_add( 'style-src', "'unsafe-inline'" ); in http_api.php.
We don't allow unsafe-inline styles in 1.3.x.

Tagscsp

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2016-11-13 06:45 atrol New Issue
2016-11-14 06:20 atrol Tag Attached: csp
2016-11-27 08:20 dregad Target Version 2.0.0-rc.2 => 2.0.0
2016-12-30 15:56 vboctor Target Version 2.0.0 => 2.0.1
2017-02-01 22:49 vboctor Target Version 2.0.1 => 2.2.0
2017-02-26 21:19 vboctor Target Version 2.2.0 => 2.3.0
2017-04-01 00:20 vboctor Target Version 2.3.0 => 2.4.0
2017-04-30 14:53 vboctoradmin Target Version 2.4.0 => 2.5.0
2017-06-04 16:19 atrol Target Version 2.5.0 => 2.6.0
2017-09-03 18:49 vboctor Target Version 2.6.0 => 2.7.0
2017-10-08 23:55 vboctor Target Version 2.7.0 => 2.8.0