Dear all,
With latest GIT head I’m unable to upload plugins via the admin console of Openfire. Is this the same for everyone?
I did a little manual git bisection and as far as I can tell it seems to have been broken by this commit:
OF-777 CVE-2015-6973 CSRF protection (part 4) · igniterealtime/Openfire@7c49987 · GitHub
The version before still allows file upload.
For what it’s worth, I can get file upload to work if I comment out the CSRF cookie tests in plugin-admin.jsp:65
Cheers,
Dan