Hi all. As per the security fixes on https://wiki.zimbra.com/wiki/Zimbra_Rel ... rity_Fixes it mentions:
is that default value set in the source of the graphql component and not defined by default as false in zmlocalconfig? Just checking as running zmlocalconfig|grep -i gql for example does not show a value set at all. And I can't find any definitions for that attribute in the conf directories.Addressed a Cross-Site Request Forgery (CSRF) vulnerability by disabling GraphQL GET methods via localconfig. A new local config attribute, zimbra_gql_enable_dangerous_deprecated_get_method_will_be_removed, has been introduced to control these methods. The default value is not TRUE, and customers are recommended not to set it to TRUE.
Statistics: Posted by pixelplumber — Thu Oct 10, 2024 12:17 am