Steven Horton

icon location Lancaster, CA icon location Senior AppSec Engineer • Secure SDLC & incident response • JavaScript | Python | AWS • Making security painless for dev teams

Results 4 comments of Steven Horton

unmaintained?

I, like many others, came with an issue that I solved later with a configuration change.

Change license from dual RSALv2+SSPLv1 to GPLv3

GPL v3 should in no circumstances be considered. It's more restrictive than the current license, and makes permanent the problem they're attempting to resolve. They're making the bet that they...

Change license from dual RSALv2+SSPLv1 to GPLv3

> I know. With GPLv3 license your code can't become close source anymore or do any other evil things. Hence the reason you might want to consider gpl in your...

Fix for this CVE-2025-47909 is required

According to the GitHub advisory, this issue is fixed in tagged release v1.7.3 [gorilla/csrf CSRF vulnerability due to broken Referer validation](https://github.com/advisories/GHSA-rq77-p4h8-4crw) It's also in the changelog for the tag [here](https://github.com/gorilla/csrf/releases/tag/v1.7.3)