Skip to content

@defect defect released this Oct 11, 2017 · 41 commits to master since this release

This version of Collins includes an important security patch, as well as several new features and bug fixes.

The security patch is adding CSRF protection to the various forms of the Collins web UI. Currently, if an attacker can guess (or bruteforce) the asset tags of nodes he or she would be able to create assets, decommission assets, put assets in maintenance, etc. by getting a logged in user to visit a webpage. More information can be found in the pull request (#560).

Here is the full list of merged pull request since the last release. Many thanks to everyone who contributed!

Assets 4
You can’t perform that action at this time.