View Issue Details

IDProjectCategoryView StatusLast Update
0021908mantisbtsecuritypublic2017-02-26 21:19
ReporteratrolAssigned To 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version 
Target Version2.3.0Fixed in Version 
Summary0021908: Weakened security headers in 2.0.x
Description

2.0.x comes with http_csp_add( 'style-src', "'unsafe-inline'" ); in http_api.php.
We don't allow unsafe-inline styles in 1.3.x.

Tagscsp

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2016-11-13 06:45 atrol New Issue
2016-11-14 06:20 atrol Tag Attached: csp
2016-11-27 08:20 dregad Target Version 2.0.0-rc.2 => 2.0.0
2016-12-30 15:56 vboctor Target Version 2.0.0 => 2.0.1
2017-02-01 22:49 vboctor Target Version 2.0.1 => 2.2.0
2017-02-26 21:19 vboctor Target Version 2.2.0 => 2.3.0