Change Log - CAcert Bug Tracker

0001341: [my account] Rate limit for login attempts (BenBE)
0001361: [GPG/PGP] Remove dead code from gpg.php file (BenBE)
0001146: [website content] push the clean DRAFT TTP-assisted-assurance Sub policy onto the main website (NEOatNHNG)
0000773: [certificate issuing] No confirmation of revocation of server certificate (BenBE)
0000597: [account administration] email notification for revoked certificates (BenBE)
0001345: [website content] replace DRAFT CCA with POLICY CCA (BenBE)
0001131: [website content] Rename _all_ Policies from .php to .html and fix all links (was: Rename PolicyOnPolicy.php to .html) (NEOatNHNG)
0000482: [account administration] Certificates are automatically revoked on deletion of email address

0001262: [misc] SslLabs B rating (if trust issues are ignored) for cacert.org SSL/TLS setup (wytze)
0000790: [organisational section] Creating organisation client certs by pasted CSR (NEOatNHNG)
0000824: [organisational section] Organisation User Certificates: Need UI improvement for proper production usage (Uli60)
0001318: [source code] E-Mail Probe does not consider mx priorities (NEOatNHNG)
0001289: [certificate issuing] CACert.Org Intermediate Cert Still Signed With MD5 (wytze)
0000028: [certificate issuing] 0000026 Wrong language for ''you've been assured'' & ''[CAcert.org] Client Certificate'' emails (NEOatNHNG)
0001192: [website content] Check on log into the account if user aggreed to CCA, if not prompt him an acception form (BenBE)
0001314: [misc] SSL/TLS support for SSL3 protocol and 3DES cipher suite should be disabled (wytze)
0001301: [account administration] sanitizeHTML function converts input which contains non-ascii characters to an empty string (NEOatNHNG)
0001273: [source code] Replace all backtick operators with calls to runCommand() or shell_exec() (NEOatNHNG)
0000119: [GPG/PGP] Policy URL (Sourcerer)

0001288: [account administration] Support STARTTLS when doing a ping mail (NEOatNHNG)
0001263: [certificate issuing] Feature Request: Support OpenNIC TLDs (wytze)
0001226: [web of trust] add DoB to selection of assuree (BenBE)
0001293: [website content] Replace CCA document with new DRAFT version (BenBE)
0001297: [source code] includes/lib/check_weak_key.php is broken after upgrade to Debian Wheezy with openssl 1.0 (BenBE)
0001298: [source code] CommModule code requires a trivial change to run with Debian Wheezy (BenBE)
0001292: [certificate issuing] Issuing Certificates with "Public Exponent: 1 (0x1)" (BenBE)
0001276: [GPG/PGP] Middle Initial Matching for uid on GPG identities (BenBE)
0001291: [web of trust] executable code can be entered in location field, executable on wot15 (NEOatNHNG)
0001172: [source code] Move the database engine from myISAM to InnoDB (BenBE)
0001283: [web of trust] WoT Contact form shows additional locales double-HTML-encoded (egal)
0001281: [website content] Internal Error on training page (egal)
0001280: [web of trust] WOT: Contact Assurer form does not print preferred language (BenBE)

0000929: [misc] GPG/PGP menu items expand the wrong root (BenBE)
0001221: [web of trust] Inconsistency in Assurance Management (BenBE)
0001138: [account administration] Implement to log the SE activity (NEOatNHNG)
0000413: [certificate issuing] Add a web page indicating the certificate request is still pending (BenBE)
0001275: [organisational section] Missing quotes around"masteracc" array index (BenBE)
0001272: [certificate issuing] Arbitrary Code Execution via SQL injection on certain database fields (NEOatNHNG)
0001266: [certificate issuing] Second-Level SQL Injection in Certificate-related queries (NEOatNHNG)
0001184: [GPG/PGP] Hex2bin function (BenBE)
0001265: [misc] Notification about Heartbleed OpenSSL bug to members (BenBE)

0001137: [web of trust] Record the CCA acception for entering an assurance (BenBE)
0001237: [certificate issuing] Certificates should be issued using sha512WithRSAEncryption for signatures (NEOatNHNG)
0001070: [account administration] Certain account passwords are logged in web server error log. (NEOatNHNG)
0000448: [certificate issuing] when revoking a certificate, confusing info is given to the user (NEOatNHNG)
0001257: [account administration] CCA statistics generates error entry (BenBE)
0001239: [account administration] Increase textbox size for the secret questions during account creation (NEOatNHNG)
0001255: [certificate issuing] DSA certificate issuing ignores key strength (wytze)
0000440: [certificate issuing] Problem with subjectAltName (NEOatNHNG)
0001218: [certificate issuing] client cert issued no longer exportable with private key (class3). IE10 certs usage broken (NEOatNHNG)
0001135: [source code] Extend database table AdminLog et al (egal)
0000530: [certificate issuing] XMPP extension not present after renewal
0001035: [certificate issuing] CN gets deleted from subjectAltName on cert renewal
0000768: [certificate issuing] CAcert adds CommonName to SubjectAltName, although it's already there
0001195: [certificate issuing] Take out change ability on pages/account/6.php (wytze)
0001229: [website content] add short info to the create account page, that and why correct names should be entered (NEOatNHNG)
0001236: [account administration] Security questions rejected invalid on adding middle name (NEOatNHNG)
0001244: [website content] Put explanation text on front page (NEOatNHNG)
0001234: [web of trust] Link on assure someone ponts to the wrong web page (BenBE)

0000918: [certificate issuing] Weak keys in certificates (NEOatNHNG)
0001005: User is shown in find an Assurer while account is deleted (INOPIAE)
0001199: [GPG/PGP] arbitrary code injection (BenBE)
0001064: [source code] Review the code regarding the new point calculation in ./scripts/areacheck.php (NEOatNHNG)
0001045: [source code] Review the code regarding the new point calculation in ./scripts/cron/removedead.php (NEOatNHNG)
0001010: [organisational section] Reorder the view on organisation certificates (BenBE)
0001004: [misc] performance of CAcert webserver is hampered by simultaneous stats.php execution (BenBE)
0001219: [account administration] In SE console the GPG certificate statistics show wrong value for expired certs (NEOatNHNG)
0001213: [website content] "certifictate" is spelt incorrectly (egal)
0001208: [web of trust] Improve readability of "Assure someone" page (BenBE)
0000411: [website content] Wrong text is made into link (INOPIAE)
0000569: [my account] output order when removing email address (NEOatNHNG)
0001182: [misc] Fix Deprecation messages sqldump.php (NEOatNHNG)
0000380: [account administration] User management functions
0001003: [account administration] Provide a possibility to regularly review the permissions in the system (NEOatNHNG)
0000998: [web of trust] When entering an assurance in the WoT one line of the form the suffix is given in another line the suffix is missing. (INOPIAE)
0001090: [misc] Attempts to add existing e-mail to an account results in invalid / misleading error message (INOPIAE)
0000111: [certificate issuing] Private key backup (Sourcerer)
0000646: [web of trust] confusing link labels, 3 different names for the same assurance form (MartinGummi)
0000434: [website content] Formatting of news on start page (INOPIAE)

0000782: [my account] Add "notes" field to certificate information (NEOatNHNG)
0001136: [account administration] Extend SE console with the functionality to revoke all user certificates of an user account (BenBE)
0000893: [Audit issues] Extend Delete account feature for support (INOPIAE)
0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE)
0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE)
0001200: [GPG/PGP] uses configuration files from world-writable directory (BenBE)
0001123: [certificate issuing] Add the Check CCA acception to all certificate creation processes (BenBE)
0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE)
0001190: [website content] News does not display teaser (NEOatNHNG)
0001206: [GPG/PGP] gpg signing does't work (wytze)
0000663: [misc] Add "view personal" information sub menu to the "my details" menu (BenBE)
0001017: [certificate issuing] Chrome certificate enrollement (NEOatNHNG)
0001198: [website content] Change membership fee currency from USD to EUR (NEOatNHNG)
0000589: [certificate issuing] Replace old "agreement" on new certificate page with checkbox agree to CCA (INOPIAE)
0000776: [my account] Let the user add a comment to certificates to distinguish them (INOPIAE)
0001173: [account administration] While email or domain dispute check if the request belongs to a locked account and stop the process (NEOatNHNG)
0001186: [web of trust] Warning when determining MX records of a domain (egal)
0001176: [misc] Fix Deprecation messages due to PHP update (BenBE)
0000457: [GPG/PGP] missing variable replacement in certificate creation mail (INOPIAE)
0000577: [source code] XHTML 1.1 validity of documents not given
0000822: [certificate issuing] Please add a sort of description field to server/client certificates (INOPIAE)
0000454: [account administration] Please add a description field to the Certificates (INOPIAE)

0000777: [account administration] Slow reply when searching for a user account (INOPIAE)
0000922: [account administration] CAcert application code problem causing missing "certificate about to expire" messages (NEOatNHNG)
0001159: [source code] it might be possible to execute commands on the signing server (BenBE)
0001121: [my account] Record the CCA acception for the account creation (NEOatNHNG)
0001102: [website content] New Class3 root Policy links to http://www.CAcert.org/index.php?id=10; page displays: plz correct link (MartinGummi)
0000999: [account administration] When revoking an assurance in the SE console the messagebox is unclear (egal)
0001134: [source code] Delete the board flag thourougly in all parts of our software (NEOatNHNG)
0001008: [account administration] View for SE to see if user is Organisation Admin for which Organisation Accounts (NEOatNHNG)
0000740: [website content] How to become an assurer is missleading
0001124: [my account] Selection of additional languages, sorting is somewhat strange
0000602: [website content] navigation bar - About CAcert.org Menu section missing if logged in
0001122: [account administration] Give Support the chance to see when the first and the last CCA acception took place
0001094: [my account] Wrong information shown when disputing a domain that is part of a organisation account.
0001165: [certificate issuing] Wrong wording for explanation of the organisation assurances. found in ../pages/account/10.php:29
0001154: [website content] Failed client cert login message talks about wrong menu item "Normal Login" instead of "Password Login"
0001171: [misc] cron-driven warning.php script causes annoying warnings
0001099: [misc] Automatic CAcert's root certificate install on Windows via Internet Explorer.
0001112: [website content] Exchange the text on the TTP page according to the new TTP programm
0001144: [misc] cacert.org enables TLS Compression (which is insecure, CRIME-attack)
0001063: [source code] Review the code regarding the new point calculation in ./scripts/nearest.php
0000044: [my account] Promoting users to become assured (MartinGummi)
0000067: [website content] Website is incomprehensible for first time assurers (tgage)
0000483: [certificate issuing] Please send more verbose emails concerning certificate revocation (INOPIAE)

0000964: [certificate issuing] VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048
0001141: [my account] If i delete Domains, no Servercerts for this domains are listet, even not the revoked
0001082: [my account] The text on the login form is not shown inside the grey box
0001097: [translations] Special characters which have no HTML-entities are not properly escaped (NEOatNHNG)
0001119: [certificate issuing] Error importing CRL to Firefox/Thunderbird
0001133: [web of trust] It should not be possible to assure a blocked account (NEOatNHNG)
0000512: [organisational section] Org admins must have 100 points (NEOatNHNG)
0000795: [account administration] contact form does not signal whether filed request is senstive or open (NEOatNHNG)
0001034: Delete files that are no longer needed as they are obsolete after bug fixing (NEOatNHNG)
0001009: [website content] Exchange OA policy in the WebDB with the one in SVN (rev p20080401.1) (NEOatNHNG)
0001069: [my account] Typo in View 41 (NEOatNHNG)
0000888: [Audit issues] to add new assurance method TTP (NEOatNHNG)
0001118: [source code] Add new fields to the database (NEOatNHNG)
0000930: [web of trust] types wrong points in "Assure Someone" form
0000801: [web of trust] Date of assurance should be in user's timezone

0000489: [web of trust] Pb on rewarding 2 points for an assurance (INOPIAE)
0001114: [website content] Change CAcert postal address to the current one on index/11.php (NEOatNHNG)
0001111: [website content] Change the text on the TTP page according to the new TTP programm (NEOatNHNG)
0001110: [translations] Please add new language (NEOatNHNG)
0001109: [website content] Add SWIFT Number to Australian Bank Account (NEOatNHNG)
0001083: [organisational section] Resize comment field for adding new organisation administrators (BenBE)
0001080: [organisational section] The link on page to iso code on account.php?id=24 show no result (BenBE)
0001074: [web of trust] Wrong display of method on points page wot.php?id=10 (Uli60)
0000978: [certificate issuing] Invalid SPKAC requests are not properly validated (BenBE)
0000977: [account administration] admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue (NEOatNHNG)
0000860: [my account] someone accessed your password and secret questions page, plz change pwd translation mixed and garbled, text is tanslated in TL (BenBE)
0000590: [account administration] Join procedure must get Agreement to CCA (Uli60)
0001091: [web of trust] Improve message to Assurer (egal)
0001125: [website content] Testsystem main page, contact form, better text
0001106: [source code] Add new fields to the database (INOPIAE)
0001081: [translations] https://secure.cacert.org/account.php shows funny characters (INOPIAE)
0000975: [account administration] report potential database inconsistency in SE console (debug infos) (Uli60)
0000938: New Org Client Certs form with two buttons and only one function? (Uli60)
0000857: Button on confirmation page after sending an email to contact an assurer is in English instead of German (INOPIAE)
0000715: Ability to mass-mail Assurers
0000579: [certificate issuing] Link text does not change with its own function. (INOPIAE)
0000568: [certificate issuing] client certificate login ability not saved on submission
0000543: [website content] The "Join"-page https://www.cacert.org/index.php?id=1 needs some info how names should be entered
0000516: [website content] Copyright notice stating 2006 when logged in
0000507: [website content] house style incorporation into web pages (INOPIAE)
0000503: [website content] use new CAcert logo (INOPIAE)
0000502: [website content] reference to policy documents on web site
0000468: [certificate issuing] No Keyids, serials in cert/key lists and emails
0000435: [GPG/PGP] typos in cert email creation (INOPIAE)
0000433: [account administration] The example password can be used on registration (INOPIAE)
0000424: [account administration] Text for domain validation insufficient (INOPIAE)
0000423: [certificate issuing] Add Support for Organizational (Organisational) Codesigning Certificates (INOPIAE)
0000383: [certificate issuing] You've been assured e-mail has a typo (english)
0000379: [account administration] problem on page "forgotten password"
0000370: [translations] The form to find an Assurer is not translated. (INOPIAE)
0000362: [certificate issuing] Organisational Code Signing Certificates (INOPIAE)
0000315: [organisational section] Broken Org admin link / try and add an Org admin
0000307: [source code] make_hash broken (INOPIAE)
0000235: [website content] would like to have statistics per region back
0000214: [certificate issuing] Uniqueness of public keys accross different users (Sourcerer)
0000123: [account administration] Find user does not show unverified users (INOPIAE)
0000103: [account administration] Administrative interface doesn't show certificates (INOPIAE)
0000095: [website content] Assurance suggestion
0000042: [website content] Add a link to the HowTo´s, that are available on the Frontpage
0000039: [GPG/PGP] 0000028: Add the PGP Key ID to the list of signed Keys (Sourcerer)
0000034: [website content] 0000010: Contact Us Page (General Layout)
0000023: [website content] 0000013: Cookie-Warning on Login Page
0000020: [website content] 0000005: General wording

0000981: [organisational section] New layout of view for Organisation Administraors in account/id35 (NEOatNHNG)
0001075: [web of trust] On the assure someone page the links to the CAP-forms do not work (NEOatNHNG)
0001024: [misc] Assurer flag is not set correctly on updatesort.php run (NEOatNHNG)
0001019: [my account] Contact form does not work when logged in! (NEOatNHNG)
0000967: [organisational section] Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer (egal)
0000866: [source code] code fix in /scripts/addpoints.php (edgarwahn)
0000855: [account administration] Fix adding TTP assurance method on testserver (was: admin console lists "empty" and "Unknown" ...) (Uli60)
0000789: [organisational section] Editing domain for organisations does not work (NEOatNHNG)
0000003: [certificate issuing] Single Character Middle Initial clear name from subject (Uli60)

0000460: [GPG/PGP] Please disable GPG signing until we have a production-quality system (Sourcerer)
0000571: [account administration] need for email addresses (or link) in admin console (NEOatNHNG)
0001072: [my account] CATS results don't get imported due to IP address change (NEOatNHNG)
0001041: [translations] German version of new point calculation inconsistend in use of "Sie" and "Du" (NEOatNHNG)
0001033: [web of trust] User can grant more then 35 points (NEOatNHNG)
0001027: [website content] Add information for affiliate program from booking.com (egal)
0001014: [web of trust] Remove the system of automatically adding a timestamp (INOPIAE)
0001011: [translations] HTML tags in translations are not escaped (NEOatNHNG)
0001002: [web of trust] Contact Assurer form leaves a funny comment after sending (NEOatNHNG)
0000997: [web of trust] Two confusing strings (INOPIAE)
0000606: [translations] French translation for "Assure Someone" (INOPIAE)
0000567: [web of trust] Cannot assure someone with uppercase letters in the email address (INOPIAE)

0000827: [tverify] Tverify points to be deprecated (egal)
0000966: [organisational section] Delete Admin for [organization] deletes admin even though cancel button is pressed (Ted)
0000957: [organisational section] Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible (NEOatNHNG)
0000909: [source code] too many error messages logged by php code (Uli60)
0000968: [source code] split 0000909: too many error messages logged - part II - general.php (Ted)
0000908: [source code] Session unregister when logging out seems to contain bugs (Uli60)
0000894: [Audit issues] problems with check-boxes on website forms (Assure someone) -> a20091118.3 (NEOatNHNG)
0000882: [account administration] display Assurance when field in list of assurances received, assurances given by a user in admin console interface (Uli60)
0000871: [website content] Typo in german CAP Form (Uli60)
0000596: [account administration] add column serial# in certs overviews (client, server, orgclient, orgserver) (NEOatNHNG)
0000976: [misc] List of update request for webdb database structure upgrade with tables / fields (Uli60)
0000846: [website content] Better guidance of bonafide members in Join Form about Suffixes they doesn't have in their ID doxs (a20100207.2) (Ted)

0000954: [certificate issuing] script to bulk revoke weak keys (Ted)
0000940: [website content] Outsource Webdb text pages help.php?id=0..9 to wiki (Ted)
0000963: [source code] Logout Session not completely reset (NEOatNHNG)
0000959: [web of trust] add points tbl A unverified add (NEOatNHNG)
0000955: [organisational section] Possibilty to change the sorting order for the organisation overview (Uli60)
0000948: [source code] Email address verification violates SMTP protocol (Uli60)
0000942: [misc] CATS import interface is not fit to handle non-Assurer Challenge tests (NEOatNHNG)
0000921: [Audit issues] http://www.cacert.org/index.php?id=10 fixes PP (Privacy Policy) (Uli60)
0000911: [GPG/PGP] Wrong expiration time in newly added GPG Key if Key has no Expire date (NEOatNHNG)
0000910: [website content] Replace "Board" list under http://www.cacert.org/index.php?id=8 with Wiki Link (Ted)
0000897: [website content] Prerequisites to do code signing differ in About->Point System and CPS (Uli60)
0000868: [translations] Hint to the root distribution license is broken in german translation (Uli60)
0000841: Problems on cert login with "duplicate" serial numbers (WAS: Cannot create client certificate at https://cacert1.it-sls.de/) (NEOatNHNG)
0000819: [source code] Comparison instead of Assignment (NEOatNHNG)
0000818: [source code] Syntax Errors in Unused Code (NEOatNHNG)
0000717: [misc] Certificate login does not work for certificates signed by the class 3 root (Uli60)
0000716: [website content] non-intuitive to find out if one’s still an assurer (Uli60)
0000637: [logged out] Password suggestion always the same (NEOatNHNG)

0000895: [my account] Login to Testserver-Mgmt-System doesn't work (identified to have special char "§" in password) (edgarwahn)
0000876: [website content] NRP-DaL to be removed immediately (NEOatNHNG)
0000867: [source code] code fix in /www/wot.php (edgarwahn)
0000865: [misc] removal of unused /pages/wot/7-old.php (edgarwahn)
0000831: [misc] (Missing) IPv6 DNS entries make mailserver reject mails (wytze)
0000515: [website content] Please add a huge notice that TTP is not available in certain countries on TTP info page and forms (Uli60)

0000207: [source code] [security bug] cross site scripting
0000215: [certificate issuing] Challenge isn´t verified on SPKAC requests (Sourcerer)
0000378: [source code] CCSR API SQL Injection (Sourcerer)
0000449: [website content] Bad web link on Orga Assurance page (Sourcerer)
0000544: [certificate issuing] personal client certificates without login capability (Sourcerer)
0000556: [certificate issuing] org certificate renewal doesn't work (Sourcerer)
0000582: [organisational section] Can not issue organisation server certificate (Sourcerer)
0000749: [website content] Broken Link on https://www.cacert.org/policy/AssurancePolicy.php (Sourcerer)
0000747: [translations] Assure someone => start notify mail => ERROR! Mail has sent (Uli60)
0000743: [website content] [Patch] cacert/pages/account/55.php: call to gettext inside a string (Sourcerer)
0000722: [Audit issues] server cert of OSCP server is expired (Sourcerer)
0000720: [my account] Unable to join (Sourcerer)
0000718: [website content] Broken Link: About CAcert - Mailing Lists (Sourcerer)
0000712: [translations] Typo in German domain verification mails
0000693: [website content] About- CAcert Board webpage can not be managed
0000668: [GPG/PGP] Confusing Output on key with a single UID (Sourcerer)
0000662: [certificate issuing] Issuing certificates via the CertAPI facility does not work [solution known] (Sourcerer)
0000651: [misc] Useless use of UTF-8 MIMEWords in E-Mail subjects (Sourcerer)
0000588: [account administration] Turn off old "candidate" Assurers (Uli60)
0000570: Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs
0000564: [website content] security contact information (Sourcerer)
0000522: DNS A record required to verify domain ownership
0000506: [web of trust] CCA agreement marking check on assurance page (teus)
0000504: [account administration] CCA agreement in CAP/COAP forms (teus)
0000443: [my account] All locations for Slovenia are broken (Sourcerer)
0000336: [certificate issuing] Verification mail and pages (Sourcerer)
0000227: [GPG/PGP] mysql_real_escape_string sometimes prevents adding of gpg keys (Sourcerer)
0000106: [website content] PHP Settings improvement (Sourcerer)
0000057: [GPG/PGP] Recognize multiple GPG keys in a signing request (Sourcerer)
0000012: [GPG/PGP] revoked subkeys are also tried to be signed (Sourcerer)
0000009: [account administration] a web ssl-enabled interface to upload sensitive documents for support@cacert.org

0000702: [certificate issuing] new domain certificate request page there is a broken link to /docs/ (Sourcerer)
0000694: [website content] About- CAcert Board webpage can not be managed
0000675: [account administration] Support request to add the location Hoogezand-Sappemeer to the database (teus)
0000493: [misc] mantis could include additional projects
0000186: [web of trust] agreement on the CAP forms (teus)
0000708: [account administration] CCA checkbox doesn't work, no registration possible (Sourcerer)

0000412: [misc] please remove sqldump.php (Sourcerer)
0000480: [certificate issuing] Can't renew/revoke certificate (Sourcerer)
0000521: [GPG/PGP] Wrong expiration date (Sourcerer)
0000600: [source code] NS Client certs can be created with an arbitrary email address attached. (Sourcerer)
0000643: [my account] verify domain fails
0000640: [certificate issuing] Root cert returns 404 (Sourcerer)
0000605: [website content] bugs.cacert.org => General information
0000604: [translations] German Translation: Menu section "Streifälle/Mißbrauch"
0000603: [translations] Deutsche Uebersetzung: My Details - My Points
0000599: [source code] XSS exploit in general.php/waitForResult (Sourcerer)
0000595: [source code] Arbitrary addition to list of email addresses valid to verify a domain as being under the control of the user. (TheSourcerer)
0000559: [CAcert Stamp] incorrect relativ links (Sourcerer)
0000558: [website content] CAcert Board member listing wrong (Sourcerer)
0000557: [my account] certificate not revocable (Sourcerer)
0000555: [certificate issuing] Impossible to create client certificate with no mailaddress
0000542: [website content] certificate expire information on http://www.cacert.org/index.php?id=19 are wrong (Sourcerer)
0000501: [website content] assurance challenge notice (Ted)
0000499: [my account] Need to store and display "Passed the Assurer Challenge" status (Ted)
0000487: [CAcert Stamp] mantis bugtracker needs update to 1.1.1
0000419: [certificate issuing] Typo in automated message regarding cert renewal (Sourcerer)
0000415: [source code] cacert.sql file in current source download file (20070207) is out of date (Sourcerer)
0000414: [tverify] [Tverify] Need a list of still pending request (Sourcerer)
0000361: [website content] Orga-Admin area is not Multi-Tab safe (Sourcerer)

0000143: [logged out] nobody is perfekt (Sourcerer)
0000310: [misc] New Colo (Sourcerer)
0000346: [website content] Root certificate and Fingerprint on unsecure Site (Sourcerer)
0000469: [GPG/PGP] No email address shown in keylisting (Sourcerer)
0000464: [misc] IRC nicknames cannot be registered if longer that 9 characters
0000461: [misc] Bugtracker should default to https
0000456: [translations] Error message in https://secure.cacert.org/account.php unstralated (german) (Sourcerer)
0000455: [GPG/PGP] GPG key without E-mail address cannot be signed
0000453: [organisational section] linking to deleted accounts (Sourcerer)
0000447: [GPG/PGP] You can have any arbitrary userid signed with the cacert root key (Sourcerer)
0000441: [certificate issuing] ocsp class 3 organisations certifiacte not working (Sourcerer)
0000436: [GPG/PGP] Any live SMTP call stage of domain email before domain email checking (Sourcerer)
0000432: [web of trust] Error message after sending reminder (Sourcerer)
0000418: [website content] Remove links to news.php (Sourcerer)
0000417: [website content] http://www.cacert.org/docs/ shows directory listing (Sourcerer)
0000410: [certificate issuing] Status of certificate not reflected on website (Sourcerer)
0000382: [misc] Support Mailinglist (cacert-support@lists.cacert.org) bounces mails
0000373: [misc] Password reset (epilitimus)
0000368: [web of trust] Wrong URL for Location Editing (epilitimus)
0000367: [website content] e-mail contact via contact formular on www.cacert.org to find assurer seems not to be working (epilitimus)
0000365: [website content] Class3 Fingerprint (Sourcerer)
0000364: [website content] Text Download for Root Certs (epilitimus)
0000345: [certificate issuing] Class 3 client certificates are not accepted for email signing by SeaMonkey and Thunderbird (epilitimus)
0000343: [GPG/PGP] Don't get my gpg key signed, but no error message (duane)
0000337: [certificate issuing] Race condition in the Database (Sourcerer)
0000334: [organisational section] OU value not set in an Organisational certificate even though "Department" is supplied when creating certificate
0000324: [certificate issuing] Cannot issue "Client cert" with OU from the new org client cert form
0000322: [web of trust] Alternative names aren´t found (Sourcerer)
0000312: [certificate issuing] removed except the CommonName field (Sourcerer)
0000280: [my account] Impossible to be localised in France
0000258: [GPG/PGP] signs uids with unverified email addresses (Sourcerer)
0000236: [GPG/PGP] I always get "No emails found on your key" when trying to sign a GPG Pubkey (Sourcerer)
0000202: [certificate issuing] broken index.txt (Sourcerer)
0000184: [GPG/PGP] No Resigning, when GPG-Key is signed (Sourcerer)
0000139: [GPG/PGP] CAcert does not sign previously signed Sub-IDs (Sourcerer)
0000059: [certificate issuing] Problem in translation (Sourcerer)
0000054: [organisational section] Issue org code signing certs (Sourcerer)
0000027: [website content] 0000022: CAcert certificate seal verification service broken
0000409: [certificate issuing] Emails after cert generation have wrong link to certificate (Sourcerer)

0000317: [certificate issuing] SHA-2 support (duane)
0000002: [account administration] [Support] Need web interface to modify the DOB of a user
0000056: [account administration] EMail Ping not safe enough
0000128: [organisational section] Need to get the email list of the org admins
0000065: [website content] Security Hole: CrossSiteScripting (duane)
0000145: [logged out] Beware of the Evil ...
0000158: [source code] Inserting text into the CAcert website
0000161: [source code] concerning variable reuse
0000164: [source code] org eat org
0000175: [website content] We need a way to shutdown the website (Sourcerer)
0000181: [web of trust] Double Assurance (Sourcerer)
0000183: [source code] don't trust my names
0000194: [source code] Don't trust the users (Sourcerer)
0000195: [source code] Session Security
0000200: [web of trust] creating client certs with arbitrary names included
0000203: [misc] old versions (duane)
0000205: [website content] [security bug] information gathering
0000206: [source code] [security bug] bad style of programming
0000208: [source code] [security bug] unverified SQL injeciton in gpg.php (Sourcerer)
0000217: [source code] remove old functionality for CSR
0000218: [source code] variables not reset
0000245: [GPG/PGP] Shell escape
0000265: [certificate issuing] Server certificate included extra DNS names (Sourcerer)
0000286: [my account] language issues (1/2)
0000289: [misc] Exploiting whois and the add domain function
0000309: [misc] New DNS servers (evaldo)
0000335: [misc] OCSP responds "unknown" (Sourcerer)
0000374: [website content] thawte verification wiki
0000355: [account administration] Separation of Admin and Organisation-Assurer (Sourcerer)
0000354: [website content] translation on page https://www.cacert.org/index.php?id=5 and other small corrections (wonderer)
0000351: [website content] little corrections on http://www.cacert.org/index.php?id=51&lang=de_DE
0000344: [GPG/PGP] Can't delete gpg key
0000342: [GPG/PGP] Menu order: GPG/PGP Keys
0000331: [organisational section] "Organisation Assurance" gives only error message "Parse error: syntax error, unexpected T_IF in /www/pages/wot/11.php on line 1
0000323: [organisational section] Cannot add and remove an admin to/from an organisation
0000321: [website content] PHP Error when trying to install certificate into IE7 (duane)
0000319: [translations] Untranslated logos page (aanriot)
0000316: [web of trust] Redesign of the CAP/TTP forms
0000314: [website content] localised a assurrer in Ingolstadt, Bayern, Germany (776272) (Sourcerer)
0000311: [web of trust] You are receieving this email as you are the listed contact for: ??? (blank)
0000308: [source code] tverify missing (Sourcerer)
0000306: [web of trust] ID copies (Sourcerer)
0000296: [translations] german translation "März" not "Mrz"
0000295: [translations] english text in german page
0000302: [website content] in Germany we have ä, ö and ü | the cities in your db are only written with a o u and not with ae oe ue
0000300: [my account] assured people don`t get points from me
0000299: [source code] sqldump without ; (Sourcerer)
0000294: [translations] english text in german translation
0000293: [translations] english text in german translation
0000297: [translations] missing translations to german in menu on right side (duane)
0000292: [translations] The german translation are not display complete (duane)
0000288: [misc] Bad usage of checkEmail
0000284: [account administration] move the LostPassphrase answers (+questions) to an additional page (duane)
0000283: [account administration] move the DOB editing to a seperate page (duane)
0000281: [source code] make.php.dist (duane)
0000278: [web of trust] Location DB Admin broken (duane)
0000277: [website content] Secure IRC missing (duane)
0000275: [certificate issuing] Race condition
0000274: [website content] More information about CAcert Inc. (duane)
0000271: [source code] dsffdfdd
0000267: [source code] register globals CSR (duane)
0000266: [account administration] My Alerts reset
0000261: [my account] not listed as assurer although defined "i want to be listed" as well as the correct region "Wien, Wien, Austria"
0000256: [certificate issuing] Cert Renewal Problem - Link to Wiki
0000255: [account administration] Mantis email interface is not RFC compliant
0000252: [translations] Translation not working at all (Sourcerer)
0000248: [account administration] password reset does not work in admin mode (duane)
0000244: [account administration] AJAX (location) From stopped working (duane)
0000240: [web of trust] OCSP response signer's certificate expired
0000233: [account administration] marriage
0000229: [certificate issuing] no "cancel" Button (wonderer)
0000228: [account administration] No confirmation mail after registration
0000219: [web of trust] "Find an Assurer" unusable (at least without javascript)
0000212: [source code] Missing "Your Certificate is about to expire" scripts
0000211: [website content] in index/1.php, there is irritating text
0000210: [misc] unabled to add .EU domain / Cookie issue with Mozilla (duane)
0000209: [source code] unauthenticated access on the test1 website (duane)
0000201: [web of trust] incorrect baltic character encoding/font on CAP form
0000199: [misc] necessary security update for wordpress blog software
0000191: [my account] "Assurance Points You Issued" entries are out of sequence
0000189: [account administration] Can login with Certificate but can't change Password
0000187: [website content] Website menu : Point system (duane)
0000185: [my account] Irritating message when trying to log into unverfied account
0000182: [source code] index.php?id=2 always writes confirmation message
0000180: [organisational section] man in the middle attack to mails (Sourcerer)
0000178: [account administration] missing numbering of Assurances
0000177: [account administration] Safety question for 0 points assurance (Sourcerer)
0000174: [translations] Deutsche Übersetzung der Startseite, Gebü_h_ren bitte mit h (duane)
0000171: [source code] missing email notification
0000170: [web of trust] Set focus to email field on load
0000169: [website content] Use https for bugs.cacert.org (Sourcerer)
0000168: [my account] Add secondary contact language
0000167: [web of trust] No points might be added because the member already has got 35 points (Sourcerer)
0000166: [website content] Better usability for new localization
0000163: [account administration] Avoid a user to put 5 time the same question in the Q/A password recovery system
0000162: [source code] Useless setting of $id
0000160: [source code] "pointsalready <= 1500" makes no sence (duane)
0000159: [source code] $_SESSION['profile']['email'] in index/4.php
0000157: [source code] index/0.php uses initialized $rss
0000155: [source code] unparsed variables used in mysql query
0000154: [source code] Privacy concern
0000153: [source code] _SESSION['config'] doesn't exist
0000151: [account administration] Admin function to remove notification settings for users (Sourcerer)
0000150: [source code] Who is organized?
0000148: [GPG/PGP] site shouldn't rely on magic_quotes_gpc turned on
0000147: [website content] useless $key = $val
0000146: [source code] Unparsed variable written to session variable
0000142: [organisational section] The location db listing page should show the long/lat values of places (duane)
0000141: [website content] Certificate Classes need explanation (Sourcerer)
0000140: [website content] Please rename link "Further Information" or move it else where
0000136: [web of trust] How to get a blank CAP "WoT" or TTP form ?
0000132: [website content] Collision in variable names (Sourcerer)
0000125: [my account] wrong confirmationmessages if account was not validated (duane)
0000122: [organisational section] System Admin, Location DB: edit does not work
0000121: [website content] Help Translation Bug (Sourcerer)
0000116: [organisational section] Org master should be able to delete org admins
0000115: [account administration] Organisation Domain listing (Sourcerer)
0000112: [website content] A link to the mailing list index page would be useful (evaldo)
0000110: [account administration] View Domains (MichaelDiederich)
0000108: [account administration] Delete Email Accounts (MichaelDiederich)
0000101: [organisational section] Allowing organisational users to set any OU during certificate requests
0000094: [website content] Improved Errormessages (Sourcerer)
0000093: [account administration] Storing the original points that were awarded by assurance, even if rounded down afterwards (Sourcerer)
0000092: [account administration] Logging of the email addresses and the account of the person that generates an Email Ping (Sourcerer)
0000088: [my account] Check for security questions with the same answer
0000084: [certificate issuing] Organisational web certs do not include any attributes besides CN
0000083: [certificate issuing] Random Number exhaustion (duane)
0000080: [account administration] Account blocking/lockout feature request
0000076: [certificate issuing] Inclusion of the Certificates information (CN, O etc) in the cert expiration warning mail
0000074: [translations] Some less detail required (about 29.98 days == > about 30 days)
0000073: [translations] Untranslated texts in certificate renewal reminder e-mail
0000071: [website content] Certificate Login - usability problem (Sourcerer)
0000058: [certificate issuing] Expire policy compliance
0000046: [website content] Add another CRL link
0000036: [website content] 0000014: Image Translation (duane)
0000033: [website content] 0000008: Contact Us Page (Forms)
0000032: [website content] 0000007: Stylesheets for h3 tag
0000031: [website content] 0000006: Further Information Page
0000030: [GPG/PGP] 0000033 GPG Keysigning Broken for RSA Keys?
0000029: [my account] 0000029: Max Points on cap.php forms makes no sence
0000025: [website content] 0000020: Change-Language Links all Link to index.php
0000018: [website content] 0000032 Autocomplete should be set to off for LostPassword Questions
0000016: [website content] 0000018: Wrong or missing information on CAcert pages
0000014: [web of trust] 0000019: Tverify does not work in some cases : wrong thawte cert verification assumptions ?

0000050: [my account] problem in assurance point handling
0000113: [account administration] Rounding errors
0000107: [account administration] Replacing Locations for France
0000098: [website content] Calendar on blog.cacert.org seems to have RAM Problems
0000097: [website content] URL points to MantisBT instead of CAcert.org
0000085: [website content] Login Redirect broken (duane)
0000079: [website content] Location Database: Rename London
0000072: [my account] Location needs to be renamed
0000063: [web of trust] I issued ZERO assurance points by mistake
0000062: [certificate issuing] Interoperability between Symantec Web Security Server and CAcert (duane)
0000011: [certificate issuing] Class 3 certificate migration (duane)
0000007: [organisational section] Mantis is misconfigured (duane)
0000004: [my account] 0000030: Missing Cities in the WoT Assurer Location list (duane)

0001245: [Admin Interface] Admin Interface does not accept non-ASCII characters in question text and description (Ted)
0001303: [Other] TLS of cats.cacert.org is weak and outdated (jandd)
0001140: [User Interface] Show if a test is passed in learnprogress (Ted)
0001161: [Result Upload] Handle error reports by server in UploadResults.pl
0000756: [Admin Interface] While editing answers to questions of type multiple choice. It's not possible to add answers. (Ted)
0000757: [User Interface] For some reason I really expect the CAcert logo to be hyperlinked to de website. (Ted)
0000889: [User Interface] Login with Client Certs class3 doesn't work - login with Client Cert Class1 works (Ted)
0000514: [User Interface] logged in as box not visible with Safari 3.0.4 (tigerp)
0000510: [User Interface] Organisation certificates must not be accepted for Login (Ted)
0000474: [Database] Privacy issues concerning user table (Ted)
0000476: [Database] user_address table contains sensitive information and should be treated as such (Ted)
0000472: [User Interface] Progress cannot be shown (Ted)

Main CAcert Website - Change Log

Main CAcert Website - 2015 Q3

Main CAcert Website - 2015 Q1

Main CAcert Website - 2014 Q4

Main CAcert Website - 2014 Q3

Main CAcert Website - 2014 Q2

Main CAcert Website - 2014 Q1

Main CAcert Website - 2013 Q4

Main CAcert Website - 2013 Q3

Main CAcert Website - 2013 Q2

Main CAcert Website - 2013 Q1

Main CAcert Website - 2012 Q4

Main CAcert Website - 2012 Q3

Main CAcert Website - 2012 Q2

Main CAcert Website - 2012 Q1

Main CAcert Website - 2011 Q4

Main CAcert Website - 2011 Q3

Main CAcert Website - 2011 Q2

Main CAcert Website - 2010 Q4

Main CAcert Website - 2010 Q3

Main CAcert Website - 2010 Q2

Main CAcert Website - 2010 Q1

Main CAcert Website - 2009 Q4

Main CAcert Website - 2009 Q3

Main CAcert Website - 2009 Q2

Main CAcert Website - 2009 Q1

Main CAcert Website - 2008

Main CAcert Website - 2007

Main CAcert Website - 2006

Main CAcert Website - 2005

CATS.cacert.org - Change Log

CATS.cacert.org - production