Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Outdated csrf-magic library #2147

Closed
onlyjob opened this issue Jul 6, 2018 · 5 comments
Closed

Outdated csrf-magic library #2147

onlyjob opened this issue Jul 6, 2018 · 5 comments
Labels
stale

Comments

@onlyjob
Copy link
Contributor

onlyjob commented Jul 6, 2018
edited
Loading

csrf-magic appears to be unmaintained/abandoned upstream. Yet, despite being untouched upstream in years we don't even use the latest version:

https://github.com/ZoneMinder/zoneminder/blob/master/web/includes/csrf/csrf-magic.php#L134

Here I've found v1.0.5: http://repo.or.cz/csrf-magic.git which can be cloned as follows

git clone http://repo.or.cz/csrf-magic.git

Please update it.
@SteveGilvarry
Copy link
Member

SteveGilvarry commented Jul 6, 2018 via email

@onlyjob
Copy link
Contributor Author

onlyjob commented Jul 6, 2018

Thanks. Let's clarify with upstream: ezyang/csrf-magic#14

@stale
Copy link

stale bot commented Sep 4, 2018

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Sep 4, 2018
@stale stale bot closed this as completed Sep 11, 2018
@onlyjob
Copy link
Contributor Author

onlyjob commented Sep 11, 2018

When legitimate bugs are closed like this I feel very discouraged from reporting more and I'm sure I'm not the only one. Closing tickets (without action) does not fix problems or make them go away.
This is just an incompetent bugs handling. :(

@netniV
Copy link

netniV commented Feb 23, 2020

Just for reference, we use stale bot on our repositories too. If someone had responded with 7 days of the warning, it would have stayed open. But I see no point in leaving issues open that aren't active or being worked on.

I'm only here because I just posted an update to the CSRF stuff on my personal fork of it, to add some new features and allow us to move away from sha1 at some point in the future, and was looking at the source open issue list.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@onlyjob @SteveGilvarry @netniV