[aur-dev] [HEADS-UP] Breaking AUR helpers
Stefan Husmann
stefan-husmann at t-online.de
Sun Jun 24 12:33:31 EDT 2012
Am 24.06.2012 16:55, schrieb Lukas Fleischer:
> Hi!
>
> I just wanted to let everybody know that I'm about to apply a patch to
> our AUR setup that fixes some CSRF vulnerabilities. This will probably
> break most (all?) AUR helpers (mis)using the AUR HTML interface. AUR
> helpers, that only make use of the RPC interface, won't be affected.
>
> I recommend using the web interface until the affected programs are
> fixed.
When will this happen? Shouldn't it be announced on archlinux.org or language specific counterparts?
Regards Stefan
More information about the aur-dev
mailing list