Branch: refs/heads/master
Home:
https://github.com/Checkmk/checkmk
Commit: ef3f5f05c2d783cbbbb9864f2eabe57f6a0d9259
https://github.com/Checkmk/checkmk/commit/ef3f5f05c2d783cbbbb9864f2eabe57f6…
Author: Hannes Rantzsch <hannes.rantzsch(a)checkmk.com>
Date: 2024-06-21 (Fri, 21 Jun 2024)
Changed paths:
A .werks/17089.md
M cmk/gui/utils/transaction_manager.py
Log Message:
-----------
17089 SEC Change Transaction ID Format
More secure way to generate the transaction ID
The transaction ID is not intended as a security measure to protect us
from CSRF. Nonetheless, it sometimes saves us when we forgot to check
the CSRF token.
In the interest of best practices, generate it securely using the
secrets module, rather than random.
CMK-17244
Change-Id: I87b5e584b579ea4d5128143d25ad9a81de83bbba
To unsubscribe from these emails, change your notification settings at
https://github.com/Checkmk/checkmk/settings/notifications