<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:21:17 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-2524] Security Audit raised issues</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-2524</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;div class=&apos;table-wrap&apos;&gt;
&lt;table class=&apos;confluenceTable&apos;&gt;&lt;tbody&gt;
&lt;tr&gt;
&lt;th class=&apos;confluenceTh&apos;&gt; Title &lt;/th&gt;
&lt;th class=&apos;confluenceTh&apos;&gt; Related JIRA &lt;/th&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Lack of Authentication Checks on /_/proxy/* &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;OKAPI-767&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/OKAPI-767&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;permissionsRequired required (securing APIs by default)&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10322?size=medium&quot; /&gt;
            OKAPI-767
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Denial of Service Via CQL Queries &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2563&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2563&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;SPIKE: propose prevention of DoS via CQL query&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2563
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; HTTP Response Header Injection &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2564&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2564&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;investigate HTTP Response Header injection&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2564
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; No Expiration on JSON Web Tokens &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2556&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2556&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;SPIKE: investigate refresh tokens support in FOLIO&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-2556
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Arbitrary URL Redirection in SAML Response &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODLOGSAML-58&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-58&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Arbitrary URL Redirection in SAML Response&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            MODLOGSAML-58
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Misleading Permission Set Configuration &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-2565&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-2565&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Misleading Permission Set Configuration&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-2565
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Cross-Site Request Forgery (CSRF) in SSO Flow &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;MODLOGSAML-59&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/MODLOGSAML-59&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Umbrella: Cross-Site Request Forgery (CSRF) in SSO Flow&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            MODLOGSAML-59
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; User Enumeration &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Low TODO &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Denial of Service Through User Lockout &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Low TODO &lt;/td&gt;
&lt;/tr&gt;
&lt;tr&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Server Headers Reveal Excessive Information &lt;/td&gt;
&lt;td class=&apos;confluenceTd&apos;&gt; Low TODO &lt;/td&gt;
&lt;/tr&gt;
&lt;/tbody&gt;&lt;/table&gt;
&lt;/div&gt;
</description>
                <environment></environment>
        <key id="79617">FOLIO-2524</key>
            <summary>Security Audit raised issues</summary>
                <type id="10006" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10307?size=medium">Umbrella</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="1" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/open.png" description="The issue is open and ready for the assignee to start work on it.">Open</status>
                    <statusCategory id="2" key="new" colorName="blue-gray"/>
                                    <resolution id="-1">Unresolved</resolution>
                                                        <assignee accountid="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d">Jakub Skoczen</assignee>
                                                                <reporter accountid="557058:b8e64633-1f7c-402d-9caf-9959a5ba5d0d">Jakub Skoczen</reporter>
                                    <labels>
                            <label>platform-backlog</label>
                    </labels>
                <created>Mon, 23 Mar 2020 07:53:31 +0000</created>
                <updated>Wed, 24 Mar 2021 17:21:45 +0000</updated>
                                                                                <due></due>
                            <votes>0</votes>
                                    <watches>5</watches>
                                                                    <issuelinks>
                            <issuelinktype id="10000">
                    <name>Blocks</name>
                                                                <inwardlinks description="is blocked by">
                                        <issuelink>
            <issuekey id="56598">RMB-617</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81661">FOLIO-2563</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81662">FOLIO-2564</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81663">FOLIO-2565</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81718">FOLIO-2578</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="73336">MODLOGSAML-58</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="81655">FOLIO-2556</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="54097">OKAPI-767</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                            <outwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="56666">RMB-534</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="35207">MODLOGIN-128</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="80659">FOLIO-1233</issuekey>
        </issuelink>
                            </outwardlinks>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="73337">MODLOGSAML-59</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10144"><![CDATA[Core: Platform]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|i00uh3:</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="773">CP: Roadmap backlog</customfieldvalue>
    <customfieldvalue id="1607">CP: sprint 85</customfieldvalue>
    <customfieldvalue id="1855">CP: sprint 86</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    </customfields>
    </item>
</channel>
</rss>