]> git.kaiwu.me - haproxy.git/commit
DOC: stats: Document that stats admin is vulnerable to a CSRF attack
authorOlivier Houchard <ohouchard@haproxy.com>
Wed, 15 Jul 2026 14:40:27 +0000 (16:40 +0200)
committerOlivier Houchard <cognet@ci0.org>
Wed, 15 Jul 2026 14:46:14 +0000 (16:46 +0200)
commit8233bf64dfd6c4a2cfd26f2789d0cbad4600f2a5
tree3a3135cb59111c854683d28930d3aaaddebb350f
parent3e7bfdba047af1397517dc2bc836bb193d63b495
DOC: stats: Document that stats admin is vulnerable to a CSRF attack

Document that stats admin is vulnerable to a CSRF attack that can't be
totally mitigated, so if that feature really has to be used, precautions
must be taken.

This should be backported up to 2.6.

Many thanks to Red Hat and AISLE Research for reporting this.
doc/configuration.txt