|
|
@@ -65,7 +65,7 @@ No vulnerability disclosure, including partial is allowed for the moment.
|
|
|
ONLY vulnerabilities discovered, when the following setup on tested platform is used, are accepted:
|
|
|
|
|
|
* $dolibarr_main_prod must be set to 1 into conf.php
|
|
|
-* $dolibarr_nocsrfcheck must be kept to the value 1 into conf.php (this is the default value)
|
|
|
+* $dolibarr_nocsrfcheck must be kept to the value 0 into conf.php (this is the default value)
|
|
|
* The module DebugBar must NOT be enabled (by default, this module is not enabled)
|
|
|
* The constant MAIN_SECURITY_CSRF_WITH_TOKEN must be set to 1 into backoffice menu Home - Setup - Other (this protection should be enabled soon by default)
|
|
|
* ONLY security reports on "stable" modules are allowed (troubles into "experimental" and "developement" modules are not accepted).
|
Laurent Destailleur