I wonder what company can say about listed security issues ?
Jena
It’s a good question. We have reported similar issues and SC promised that they would release V9 with at least our issues fixed. I’m looking into this list to see if there are new issues. Btw I think that these issues are on the sc development instance itself, and apply only if you have the devenv on a virtual server. Afaik the csrf issue doesn’t apply to live applications.
I reported your post to SC, as I think that they should respond.