I'm not really concerned about the "old" reports. I just asked:
"I assume the old report was false or you've fixed it. Would you comment on this to ease my concern?"
However, per your request, just to cite a handful. Google "cross site request forgery winscp" and dozens show up:
<invalid hyperlink removed by admin>
etc.
Please post a reference to the report.
I found WinSCP was vulnerable to CSRF in a report several years old.
But, I can't find a ref to it on your site.
I assume the old report was false or you've fixed it.
Would you comment on this to ease my concern?
Great product, use it all the time.