Difference between revisions of "Security Alert Fixes"

Revision as of 08:54, 13 April 2016

Place to record and track OpenEMR security alerts and their fixes (in chronological order from earlier to later):

The first two items likely still exist. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The last 2 items will are fixed in most recent 4.1.1 patch and dev version.

The first item is same as the arbitrary file upload vulnerability item reported above and has been fixed in most recent 4.1.1 patch and dev version.
The second item likely still exists. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The third item is fixed in most recent 4.1.1 patch and dev version.
The fourth item likely still exists. A user needs to be authenticated(logged in) into OpenEMR to be able to do this; note a codebase refactoring is currently underway to fix these types of vulnerabilities.
The fifth item is fixed in most recent 4.1.1 patch and dev version.
The sixth item is fixed in most recent 4.1.1 patch and dev version.
The seventh item is fixed in most recent 4.1.1 patch and dev version.
The eighth item is fixed in most recent 4.1.1 patch and dev version.

TODO:

Systematically go through the https://cve.mitre.org/find/index.html site to ensure all vulnerabilities have been addressed.

@@ Line 35: / Line 35: @@
 <br>
 :'''TODO''':
-:*Systematically go through the http://osvdb.org/ site to ensure all vulnerabilities have been addressed.
+:*Systematically go through the https://cve.mitre.org/find/index.html site to ensure all vulnerabilities have been addressed.
 <br>
 <br>
 [[Category:Security]][[Category:Developer Guide]]