These are all public in the queues, but creating this meta to help website administrators. I have not parsed all 200 or so open bug reports for others.

#2542432 quickly checks what appears to be some false hits, but a second pair of eyes on these would be good.

#2077127: Potential WASC-19 SQL Injection
#2542432: CrossRef data should be sanitized
#2855901: Use security tokens in admin links

Strange "safe" security issue, the code can't actually run on a Drupal 7 installation.

#2856487: Drupal 7 biblio_update_6026() is broken

Comments

Alan D. created an issue. See original summary.

Alan D.:

Title: Security Vulnerabilities » Biblio Security Vulnerabilities

Alan D.:

Issue tags: +Security

Liam Morland:

I have just joined this project as maintainer. Fixing security issues is now my top priority. If you want to help, review and mark RTBC the security issues.

Liam Morland:

The only identified security issue remaining is #2077127: Potential WASC-19 SQL Injection. Please review the comments there; I don't think there is actually a security issue there. I would appreciate a second set of eyes reviewing that.

Liam Morland:

Status: Active » Fixed

The final issue is fixed.

Alan D.:

Nice work :)

Me think I'm going to have some fun merging dev back into all my mods....

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.