Main CAcert Website - Change Log
Released 2015-06-30
0001389: [misc] Wrong encoding for mails sent with function sendmail() (BenBE) 0001127: [translations] messages,pot file created by www/locale/Makefile contains misleading file references (BenBE) 0001392: [certificate issuing] Issue of certificates to arbitrary domains (BenBE)
3 issues View Issues
Released 2014-12-31
0001341: [my account] Rate limit for login attempts (BenBE) 0001361: [GPG/PGP] Remove dead code from gpg.php file (BenBE) 0001146: [website content] push the clean DRAFT TTP-assisted-assurance Sub policy onto the main website (NEOatNHNG) 0000773: [certificate issuing] No confirmation of revocation of server certificate (BenBE) 0000597: [account administration] email notification for revoked certificates (BenBE) 0001345: [website content] replace DRAFT CCA with POLICY CCA (BenBE) 0001131: [website content] Rename _all_ Policies from .php to .html and fix all links (was: Rename PolicyOnPolicy.php to .html) (NEOatNHNG) 0000482: [account administration] Certificates are automatically revoked on deletion of email address
8 issues View Issues
Released 2014-09-30
0001262: [misc] SslLabs B rating (if trust issues are ignored) for cacert.org SSL/TLS setup (wytze) 0000790: [organisational section] Creating organisation client certs by pasted CSR (NEOatNHNG) 0000824: [organisational section] Organisation User Certificates: Need UI improvement for proper production usage (Uli60) 0001318: [source code] E-Mail Probe does not consider mx priorities (NEOatNHNG) 0001289: [certificate issuing] CACert.Org Intermediate Cert Still Signed With MD5 (wytze) 0000028: [certificate issuing] 0000026 Wrong language for ''you've been assured'' & ''[CAcert.org] Client Certificate'' emails (NEOatNHNG) 0001192: [website content] Check on log into the account if user aggreed to CCA, if not prompt him an acception form (BenBE) 0001314: [misc] SSL/TLS support for SSL3 protocol and 3DES cipher suite should be disabled (wytze) 0001301: [account administration] sanitizeHTML function converts input which contains non-ascii characters to an empty string (NEOatNHNG) 0001273: [source code] Replace all backtick operators with calls to runCommand() or shell_exec() (NEOatNHNG) 0000119: [GPG/PGP] Policy URL (Sourcerer)
11 issues View Issues
Released 2014-06-30
0001288: [account administration] Support STARTTLS when doing a ping mail (NEOatNHNG) 0001263: [certificate issuing] Feature Request: Support OpenNIC TLDs (wytze) 0001226: [web of trust] add DoB to selection of assuree (BenBE) 0001293: [website content] Replace CCA document with new DRAFT version (BenBE) 0001297: [source code] includes/lib/check_weak_key.php is broken after upgrade to Debian Wheezy with openssl 1.0 (BenBE) 0001298: [source code] CommModule code requires a trivial change to run with Debian Wheezy (BenBE) 0001292: [certificate issuing] Issuing Certificates with "Public Exponent: 1 (0x1)" (BenBE) 0001276: [GPG/PGP] Middle Initial Matching for uid on GPG identities (BenBE) 0001291: [web of trust] executable code can be entered in location field, executable on wot15 (NEOatNHNG) 0001172: [source code] Move the database engine from myISAM to InnoDB (BenBE) 0001283: [web of trust] WoT Contact form shows additional locales double-HTML-encoded (egal) 0001281: [website content] Internal Error on training page (egal) 0001280: [web of trust] WOT: Contact Assurer form does not print preferred language (BenBE)
13 issues View Issues
Released 2014-03-31
0000929: [misc] GPG/PGP menu items expand the wrong root (BenBE) 0001221: [web of trust] Inconsistency in Assurance Management (BenBE) 0001138: [account administration] Implement to log the SE activity (NEOatNHNG) 0000413: [certificate issuing] Add a web page indicating the certificate request is still pending (BenBE) 0001275: [organisational section] Missing quotes around"masteracc" array index (BenBE) 0001272: [certificate issuing] Arbitrary Code Execution via SQL injection on certain database fields (NEOatNHNG) 0001266: [certificate issuing] Second-Level SQL Injection in Certificate-related queries (NEOatNHNG) 0001184: [GPG/PGP] Hex2bin function (BenBE) 0001265: [misc] Notification about Heartbleed OpenSSL bug to members (BenBE)
9 issues View Issues
Released 2013-12-31
0001137: [web of trust] Record the CCA acception for entering an assurance (BenBE) 0001237: [certificate issuing] Certificates should be issued using sha512WithRSAEncryption for signatures (NEOatNHNG) 0001070: [account administration] Certain account passwords are logged in web server error log. (NEOatNHNG) 0000448: [certificate issuing] when revoking a certificate, confusing info is given to the user (NEOatNHNG) 0001257: [account administration] CCA statistics generates error entry (BenBE) 0001239: [account administration] Increase textbox size for the secret questions during account creation (NEOatNHNG) 0001255: [certificate issuing] DSA certificate issuing ignores key strength (wytze) 0000440: [certificate issuing] Problem with subjectAltName (NEOatNHNG) 0001218: [certificate issuing] client cert issued no longer exportable with private key (class3). IE10 certs usage broken (NEOatNHNG) 0001135: [source code] Extend database table AdminLog et al (egal) 0000530: [certificate issuing] XMPP extension not present after renewal 0001035: [certificate issuing] CN gets deleted from subjectAltName on cert renewal 0000768: [certificate issuing] CAcert adds CommonName to SubjectAltName, although it's already there 0001195: [certificate issuing] Take out change ability on pages/account/6.php (wytze) 0001229: [website content] add short info to the create account page, that and why correct names should be entered (NEOatNHNG) 0001236: [account administration] Security questions rejected invalid on adding middle name (NEOatNHNG) 0001244: [website content] Put explanation text on front page (NEOatNHNG) 0001234: [web of trust] Link on assure someone ponts to the wrong web page (BenBE)
18 issues View Issues
Released 2013-09-30
0000918: [certificate issuing] Weak keys in certificates (NEOatNHNG) 0001005: User is shown in find an Assurer while account is deleted (INOPIAE) 0001199: [GPG/PGP] arbitrary code injection (BenBE) 0001064: [source code] Review the code regarding the new point calculation in ./scripts/areacheck.php (NEOatNHNG) 0001045: [source code] Review the code regarding the new point calculation in ./scripts/cron/removedead.php (NEOatNHNG) 0001010: [organisational section] Reorder the view on organisation certificates (BenBE) 0001004: [misc] performance of CAcert webserver is hampered by simultaneous stats.php execution (BenBE) 0001219: [account administration] In SE console the GPG certificate statistics show wrong value for expired certs (NEOatNHNG) 0001213: [website content] "certifictate" is spelt incorrectly (egal) 0001208: [web of trust] Improve readability of "Assure someone" page (BenBE) 0000411: [website content] Wrong text is made into link (INOPIAE) 0000569: [my account] output order when removing email address (NEOatNHNG) 0001182: [misc] Fix Deprecation messages sqldump.php (NEOatNHNG) 0000380: [account administration] User management functions 0001003: [account administration] Provide a possibility to regularly review the permissions in the system (NEOatNHNG) 0000998: [web of trust] When entering an assurance in the WoT one line of the form the suffix is given in another line the suffix is missing. (INOPIAE) 0001090: [misc] Attempts to add existing e-mail to an account results in invalid / misleading error message (INOPIAE) 0000111: [certificate issuing] Private key backup (Sourcerer) 0000646: [web of trust] confusing link labels, 3 different names for the same assurance form (MartinGummi) 0000434: [website content] Formatting of news on start page (INOPIAE)
20 issues View Issues
Released 2013-06-30
0000782: [my account] Add "notes" field to certificate information (NEOatNHNG) 0001136: [account administration] Extend SE console with the functionality to revoke all user certificates of an user account (BenBE) 0000893: [Audit issues] Extend Delete account feature for support (INOPIAE) 0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE) 0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE) 0001200: [GPG/PGP] uses configuration files from world-writable directory (BenBE) 0001123: [certificate issuing] Add the Check CCA acception to all certificate creation processes (BenBE) 0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE) 0001190: [website content] News does not display teaser (NEOatNHNG) 0001206: [GPG/PGP] gpg signing does't work (wytze) 0000663: [misc] Add "view personal" information sub menu to the "my details" menu (BenBE) 0001017: [certificate issuing] Chrome certificate enrollement (NEOatNHNG) 0001198: [website content] Change membership fee currency from USD to EUR (NEOatNHNG) 0000589: [certificate issuing] Replace old "agreement" on new certificate page with checkbox agree to CCA (INOPIAE) 0000776: [my account] Let the user add a comment to certificates to distinguish them (INOPIAE) 0001173: [account administration] While email or domain dispute check if the request belongs to a locked account and stop the process (NEOatNHNG) 0001186: [web of trust] Warning when determining MX records of a domain (egal) 0001176: [misc] Fix Deprecation messages due to PHP update (BenBE) 0000457: [GPG/PGP] missing variable replacement in certificate creation mail (INOPIAE) 0000577: [source code] XHTML 1.1 validity of documents not given 0000822: [certificate issuing] Please add a sort of description field to server/client certificates (INOPIAE) 0000454: [account administration] Please add a description field to the Certificates (INOPIAE)
20 issues View Issues
Released 2013-04-01
0000777: [account administration] Slow reply when searching for a user account (INOPIAE) 0000922: [account administration] CAcert application code problem causing missing "certificate about to expire" messages (NEOatNHNG) 0001159: [source code] it might be possible to execute commands on the signing server (BenBE) 0001121: [my account] Record the CCA acception for the account creation (NEOatNHNG) 0001102: [website content] New Class3 root Policy links to http://www.CAcert.org/index.php?id=10; page displays: plz correct link (MartinGummi) 0000999: [account administration] When revoking an assurance in the SE console the messagebox is unclear (egal) 0001134: [source code] Delete the board flag thourougly in all parts of our software (NEOatNHNG) 0001008: [account administration] View for SE to see if user is Organisation Admin for which Organisation Accounts (NEOatNHNG) 0000740: [website content] How to become an assurer is missleading 0001124: [my account] Selection of additional languages, sorting is somewhat strange 0000602: [website content] navigation bar - About CAcert.org Menu section missing if logged in 0001122: [account administration] Give Support the chance to see when the first and the last CCA acception took place 0001094: [my account] Wrong information shown when disputing a domain that is part of a organisation account. 0001165: [certificate issuing] Wrong wording for explanation of the organisation assurances. found in ../pages/account/10.php:29 0001154: [website content] Failed client cert login message talks about wrong menu item "Normal Login" instead of "Password Login" 0001171: [misc] cron-driven warning.php script causes annoying warnings 0001099: [misc] Automatic CAcert's root certificate install on Windows via Internet Explorer. 0001112: [website content] Exchange the text on the TTP page according to the new TTP programm 0001144: [misc] cacert.org enables TLS Compression (which is insecure, CRIME-attack) 0001063: [source code] Review the code regarding the new point calculation in ./scripts/nearest.php 0000044: [my account] Promoting users to become assured (MartinGummi) 0000067: [website content] Website is incomprehensible for first time assurers (tgage) 0000483: [certificate issuing] Please send more verbose emails concerning certificate revocation (INOPIAE)
23 issues View Issues
Released 2013-01-01
0000964: [certificate issuing] VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048 0001141: [my account] If i delete Domains, no Servercerts for this domains are listet, even not the revoked 0001082: [my account] The text on the login form is not shown inside the grey box 0001097: [translations] Special characters which have no HTML-entities are not properly escaped (NEOatNHNG) 0001119: [certificate issuing] Error importing CRL to Firefox/Thunderbird 0001133: [web of trust] It should not be possible to assure a blocked account (NEOatNHNG) 0000512: [organisational section] Org admins must have 100 points (NEOatNHNG) 0000795: [account administration] contact form does not signal whether filed request is senstive or open (NEOatNHNG) 0001034: Delete files that are no longer needed as they are obsolete after bug fixing (NEOatNHNG) 0001009: [website content] Exchange OA policy in the WebDB with the one in SVN (rev p20080401.1) (NEOatNHNG) 0001069: [my account] Typo in View 41 (NEOatNHNG) 0000888: [Audit issues] to add new assurance method TTP (NEOatNHNG) 0001118: [source code] Add new fields to the database (NEOatNHNG) 0000930: [web of trust] types wrong points in "Assure Someone" form 0000801: [web of trust] Date of assurance should be in user's timezone
15 issues View Issues
Released 2012-10-01
0000489: [web of trust] Pb on rewarding 2 points for an assurance (INOPIAE) 0001114: [website content] Change CAcert postal address to the current one on index/11.php (NEOatNHNG) 0001111: [website content] Change the text on the TTP page according to the new TTP programm (NEOatNHNG) 0001110: [translations] Please add new language (NEOatNHNG) 0001109: [website content] Add SWIFT Number to Australian Bank Account (NEOatNHNG) 0001083: [organisational section] Resize comment field for adding new organisation administrators (BenBE) 0001080: [organisational section] The link on page to iso code on account.php?id=24 show no result (BenBE) 0001074: [web of trust] Wrong display of method on points page wot.php?id=10 (Uli60) 0000978: [certificate issuing] Invalid SPKAC requests are not properly validated (BenBE) 0000977: [account administration] admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue (NEOatNHNG) 0000860: [my account] someone accessed your password and secret questions page, plz change pwd translation mixed and garbled, text is tanslated in TL (BenBE) 0000590: [account administration] Join procedure must get Agreement to CCA (Uli60) 0001091: [web of trust] Improve message to Assurer (egal) 0001125: [website content] Testsystem main page, contact form, better text 0001106: [source code] Add new fields to the database (INOPIAE) 0001081: [translations] https://secure.cacert.org/account.php shows funny characters (INOPIAE) 0000975: [account administration] report potential database inconsistency in SE console (debug infos) (Uli60) 0000938: New Org Client Certs form with two buttons and only one function? (Uli60) 0000857: Button on confirmation page after sending an email to contact an assurer is in English instead of German (INOPIAE) 0000715: Ability to mass-mail Assurers 0000579: [certificate issuing] Link text does not change with its own function. (INOPIAE) 0000568: [certificate issuing] client certificate login ability not saved on submission 0000543: [website content] The "Join"-page https://www.cacert.org/index.php?id=1 needs some info how names should be entered 0000516: [website content] Copyright notice stating 2006 when logged in 0000507: [website content] house style incorporation into web pages (INOPIAE) 0000503: [website content] use new CAcert logo (INOPIAE) 0000502: [website content] reference to policy documents on web site 0000468: [certificate issuing] No Keyids, serials in cert/key lists and emails 0000435: [GPG/PGP] typos in cert email creation (INOPIAE) 0000433: [account administration] The example password can be used on registration (INOPIAE) 0000424: [account administration] Text for domain validation insufficient (INOPIAE) 0000423: [certificate issuing] Add Support for Organizational (Organisational) Codesigning Certificates (INOPIAE) 0000383: [certificate issuing] You've been assured e-mail has a typo (english) 0000379: [account administration] problem on page "forgotten password" 0000370: [translations] The form to find an Assurer is not translated. (INOPIAE) 0000362: [certificate issuing] Organisational Code Signing Certificates (INOPIAE) 0000315: [organisational section] Broken Org admin link / try and add an Org admin 0000307: [source code] make_hash broken (INOPIAE) 0000235: [website content] would like to have statistics per region back 0000214: [certificate issuing] Uniqueness of public keys accross different users (Sourcerer) 0000123: [account administration] Find user does not show unverified users (INOPIAE) 0000103: [account administration] Administrative interface doesn't show certificates (INOPIAE) 0000095: [website content] Assurance suggestion 0000042: [website content] Add a link to the HowTo´s, that are available on the Frontpage 0000039: [GPG/PGP] 0000028: Add the PGP Key ID to the list of signed Keys (Sourcerer) 0000034: [website content] 0000010: Contact Us Page (General Layout) 0000023: [website content] 0000013: Cookie-Warning on Login Page 0000020: [website content] 0000005: General wording
48 issues View Issues
Released 2012-07-01
0000981: [organisational section] New layout of view for Organisation Administraors in account/id35 (NEOatNHNG) 0001075: [web of trust] On the assure someone page the links to the CAP-forms do not work (NEOatNHNG) 0001024: [misc] Assurer flag is not set correctly on updatesort.php run (NEOatNHNG) 0001019: [my account] Contact form does not work when logged in! (NEOatNHNG) 0000967: [organisational section] Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer (egal) 0000866: [source code] code fix in /scripts/addpoints.php (edgarwahn) 0000855: [account administration] Fix adding TTP assurance method on testserver (was: admin console lists "empty" and "Unknown" ...) (Uli60) 0000789: [organisational section] Editing domain for organisations does not work (NEOatNHNG) 0000003: [certificate issuing] Single Character Middle Initial clear name from subject (Uli60)
9 issues View Issues
Released 2012-04-01
0000460: [GPG/PGP] Please disable GPG signing until we have a production-quality system (Sourcerer) 0000571: [account administration] need for email addresses (or link) in admin console (NEOatNHNG) 0001072: [my account] CATS results don't get imported due to IP address change (NEOatNHNG) 0001041: [translations] German version of new point calculation inconsistend in use of "Sie" and "Du" (NEOatNHNG) 0001033: [web of trust] User can grant more then 35 points (NEOatNHNG) 0001027: [website content] Add information for affiliate program from booking.com (egal) 0001014: [web of trust] Remove the system of automatically adding a timestamp (INOPIAE) 0001011: [translations] HTML tags in translations are not escaped (NEOatNHNG) 0001002: [web of trust] Contact Assurer form leaves a funny comment after sending (NEOatNHNG) 0000997: [web of trust] Two confusing strings (INOPIAE) 0000606: [translations] French translation for "Assure Someone" (INOPIAE) 0000567: [web of trust] Cannot assure someone with uppercase letters in the email address (INOPIAE)
12 issues View Issues
Released 2012-01-01
0000664: [website content] Bad Mime-type for the DER root certificates (wytze) 0001029: [website content] Improvement: Query database for fingerprint / public key of every cacert.org login (Uli60) 0000985: [translations] Move from translingo to pootle (Ted) 0000794: [account administration] visibility over certificates for sysadm in account administration (egal) 0000451: [certificate issuing] typo problem in Certificate Expired message (English version)
5 issues View Issues
Released 2011-10-01
0000827: [tverify] Tverify points to be deprecated (egal) 0000966: [organisational section] Delete Admin for [organization] deletes admin even though cancel button is pressed (Ted) 0000957: [organisational section] Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible (NEOatNHNG) 0000909: [source code] too many error messages logged by php code (Uli60) 0000968: [source code] split 0000909: too many error messages logged - part II - general.php (Ted) 0000908: [source code] Session unregister when logging out seems to contain bugs (Uli60) 0000894: [Audit issues] problems with check-boxes on website forms (Assure someone) -> a20091118.3 (NEOatNHNG) 0000882: [account administration] display Assurance when field in list of assurances received, assurances given by a user in admin console interface (Uli60) 0000871: [website content] Typo in german CAP Form (Uli60) 0000596: [account administration] add column serial# in certs overviews (client, server, orgclient, orgserver) (NEOatNHNG) 0000976: [misc] List of update request for webdb database structure upgrade with tables / fields (Uli60) 0000846: [website content] Better guidance of bonafide members in Join Form about Suffixes they doesn't have in their ID doxs (a20100207.2) (Ted)
12 issues View Issues
Released 2011-07-01
0000954: [certificate issuing] script to bulk revoke weak keys (Ted) 0000940: [website content] Outsource Webdb text pages help.php?id=0..9 to wiki (Ted) 0000963: [source code] Logout Session not completely reset (NEOatNHNG) 0000959: [web of trust] add points tbl A unverified add (NEOatNHNG) 0000955: [organisational section] Possibilty to change the sorting order for the organisation overview (Uli60) 0000948: [source code] Email address verification violates SMTP protocol (Uli60) 0000942: [misc] CATS import interface is not fit to handle non-Assurer Challenge tests (NEOatNHNG) 0000921: [Audit issues] http://www.cacert.org/index.php?id=10 fixes PP (Privacy Policy) (Uli60) 0000911: [GPG/PGP] Wrong expiration time in newly added GPG Key if Key has no Expire date (NEOatNHNG) 0000910: [website content] Replace "Board" list under http://www.cacert.org/index.php?id=8 with Wiki Link (Ted) 0000897: [website content] Prerequisites to do code signing differ in About->Point System and CPS (Uli60) 0000868: [translations] Hint to the root distribution license is broken in german translation (Uli60) 0000841: Problems on cert login with "duplicate" serial numbers (WAS: Cannot create client certificate at https://cacert1.it-sls.de/) (NEOatNHNG) 0000819: [source code] Comparison instead of Assignment (NEOatNHNG) 0000818: [source code] Syntax Errors in Unused Code (NEOatNHNG) 0000717: [misc] Certificate login does not work for certificates signed by the class 3 root (Uli60) 0000716: [website content] non-intuitive to find out if one’s still an assurer (Uli60) 0000637: [logged out] Password suggestion always the same (NEOatNHNG)
18 issues View Issues
Released 2011-04-01
0000896: [source code] Remove translation files from tarballs (edgarwahn) 0000845: Cannot verify additional email address (Uli60) 0000821: [my account] CAcert does not link my secondary email account to my acount (Uli60) 0000665: [certificate issuing] Intermediate level-3 certificate is MD5-signed (Uli60) 0000946: [misc] class3 subroot resign procedure - rollout (Uli60)
5 issues View Issues
Released 2010-10-01
0000895: [my account] Login to Testserver-Mgmt-System doesn't work (identified to have special char "§" in password) (edgarwahn) 0000876: [website content] NRP-DaL to be removed immediately (NEOatNHNG) 0000867: [source code] code fix in /www/wot.php (edgarwahn) 0000865: [misc] removal of unused /pages/wot/7-old.php (edgarwahn) 0000831: [misc] (Missing) IPv6 DNS entries make mailserver reject mails (wytze) 0000515: [website content] Please add a huge notice that TTP is not available in certain countries on TTP info page and forms (Uli60)
6 issues View Issues
Released 2010-07-01
0000853: [account administration] Feature request: Addition to the SE interface so that it is possible to add and remove arbitraty numbers from Experience Points (Uli60) 0000829: [website content] NRP-DaL to be removed from website, replaced by RDL (edgarwahn) 0000804: [account administration] Don't show the requested pass phrase in the mail sent to support (Sourcerer) 0000326: [account administration] searching for domain IDs (Sourcerer)
4 issues View Issues
Released 2010-04-01
0000817: [account administration] Whois parser issues when listing ping emails for domain add (Sourcerer)
1 issue View Issues
Released 2010-01-01
0000814: [GPG/PGP] Multiple OpenPGP keys are handled incorrectly (Sourcerer) 0000778: GPG/PGP-Key upload not possible (Sourcerer) 0000750: [Audit issues] Broken Link on http://wiki.cacert.org/wiki/PolicyDrafts (Uli60)
3 issues View Issues
Released 2009-10-01
0000730: [website content] statistics pages are slow (Sourcerer) 0000793: [source code] stats.php consumes big time to finish - add caching feature (Sourcerer) 0000673: [web of trust] wot.php Assurance Confirmation page has errors 0000134: [website content] Topic Text (wonderer) 0000133: [web of trust] find assurer shows wrong places (wonderer) 0000130: [certificate issuing] Certificate Identifier seems wrong (wonderer)
6 issues View Issues
Released 2009-07-01
0000752: [web of trust] Invalid message for users trying to assure without passed Assurer Challenge (Sourcerer) 0000656: [certificate issuing] OCSP request using GET method (Sourcerer)
2 issues View Issues
Released 2009-04-01
0000207: [source code] [security bug] cross site scripting 0000215: [certificate issuing] Challenge isn´t verified on SPKAC requests (Sourcerer) 0000378: [source code] CCSR API SQL Injection (Sourcerer) 0000449: [website content] Bad web link on Orga Assurance page (Sourcerer) 0000544: [certificate issuing] personal client certificates without login capability (Sourcerer) 0000556: [certificate issuing] org certificate renewal doesn't work (Sourcerer) 0000582: [organisational section] Can not issue organisation server certificate (Sourcerer) 0000749: [website content] Broken Link on https://www.cacert.org/policy/AssurancePolicy.php (Sourcerer) 0000747: [translations] Assure someone => start notify mail => ERROR! Mail has sent (Uli60) 0000743: [website content] [Patch] cacert/pages/account/55.php: call to gettext inside a string (Sourcerer) 0000722: [Audit issues] server cert of OSCP server is expired (Sourcerer) 0000720: [my account] Unable to join (Sourcerer) 0000718: [website content] Broken Link: About CAcert - Mailing Lists (Sourcerer) 0000712: [translations] Typo in German domain verification mails 0000693: [website content] About- CAcert Board webpage can not be managed 0000668: [GPG/PGP] Confusing Output on key with a single UID (Sourcerer) 0000662: [certificate issuing] Issuing certificates via the CertAPI facility does not work [solution known] (Sourcerer) 0000651: [misc] Useless use of UTF-8 MIMEWords in E-Mail subjects (Sourcerer) 0000588: [account administration] Turn off old "candidate" Assurers (Uli60) 0000570: Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs 0000564: [website content] security contact information (Sourcerer) 0000522: DNS A record required to verify domain ownership 0000506: [web of trust] CCA agreement marking check on assurance page (teus) 0000504: [account administration] CCA agreement in CAP/COAP forms (teus) 0000443: [my account] All locations for Slovenia are broken (Sourcerer) 0000336: [certificate issuing] Verification mail and pages (Sourcerer) 0000227: [GPG/PGP] mysql_real_escape_string sometimes prevents adding of gpg keys (Sourcerer) 0000106: [website content] PHP Settings improvement (Sourcerer) 0000057: [GPG/PGP] Recognize multiple GPG keys in a signing request (Sourcerer) 0000012: [GPG/PGP] revoked subkeys are also tried to be signed (Sourcerer) 0000009: [account administration] a web ssl-enabled interface to upload sensitive documents for support@cacert.org
31 issues View Issues
Released 2009-01-01
0000702: [certificate issuing] new domain certificate request page there is a broken link to /docs/ (Sourcerer) 0000694: [website content] About- CAcert Board webpage can not be managed 0000675: [account administration] Support request to add the location Hoogezand-Sappemeer to the database (teus) 0000493: [misc] mantis could include additional projects 0000186: [web of trust] agreement on the CAP forms (teus) 0000708: [account administration] CCA checkbox doesn't work, no registration possible (Sourcerer)
6 issues View Issues
Released 2008-01-01
0000412: [misc] please remove sqldump.php (Sourcerer) 0000480: [certificate issuing] Can't renew/revoke certificate (Sourcerer) 0000521: [GPG/PGP] Wrong expiration date (Sourcerer) 0000600: [source code] NS Client certs can be created with an arbitrary email address attached. (Sourcerer) 0000643: [my account] verify domain fails 0000640: [certificate issuing] Root cert returns 404 (Sourcerer) 0000605: [website content] bugs.cacert.org => General information 0000604: [translations] German Translation: Menu section "Streifälle/Mißbrauch" 0000603: [translations] Deutsche Uebersetzung: My Details - My Points 0000599: [source code] XSS exploit in general.php/waitForResult (Sourcerer) 0000595: [source code] Arbitrary addition to list of email addresses valid to verify a domain as being under the control of the user. (TheSourcerer) 0000559: [CAcert Stamp] incorrect relativ links (Sourcerer) 0000558: [website content] CAcert Board member listing wrong (Sourcerer) 0000557: [my account] certificate not revocable (Sourcerer) 0000555: [certificate issuing] Impossible to create client certificate with no mailaddress 0000542: [website content] certificate expire information on http://www.cacert.org/index.php?id=19 are wrong (Sourcerer) 0000501: [website content] assurance challenge notice (Ted) 0000499: [my account] Need to store and display "Passed the Assurer Challenge" status (Ted) 0000487: [CAcert Stamp] mantis bugtracker needs update to 1.1.1 0000419: [certificate issuing] Typo in automated message regarding cert renewal (Sourcerer) 0000415: [source code] cacert.sql file in current source download file (20070207) is out of date (Sourcerer) 0000414: [tverify] [Tverify] Need a list of still pending request (Sourcerer) 0000361: [website content] Orga-Admin area is not Multi-Tab safe (Sourcerer)
23 issues View Issues
Released 2007-01-01
0000143: [logged out] nobody is perfekt (Sourcerer) 0000310: [misc] New Colo (Sourcerer) 0000346: [website content] Root certificate and Fingerprint on unsecure Site (Sourcerer) 0000469: [GPG/PGP] No email address shown in keylisting (Sourcerer) 0000464: [misc] IRC nicknames cannot be registered if longer that 9 characters 0000461: [misc] Bugtracker should default to https 0000456: [translations] Error message in https://secure.cacert.org/account.php unstralated (german) (Sourcerer) 0000455: [GPG/PGP] GPG key without E-mail address cannot be signed 0000453: [organisational section] linking to deleted accounts (Sourcerer) 0000447: [GPG/PGP] You can have any arbitrary userid signed with the cacert root key (Sourcerer) 0000441: [certificate issuing] ocsp class 3 organisations certifiacte not working (Sourcerer) 0000436: [GPG/PGP] Any live SMTP call stage of domain email before domain email checking (Sourcerer) 0000432: [web of trust] Error message after sending reminder (Sourcerer) 0000418: [website content] Remove links to news.php (Sourcerer) 0000417: [website content] http://www.cacert.org/docs/ shows directory listing (Sourcerer) 0000410: [certificate issuing] Status of certificate not reflected on website (Sourcerer) 0000382: [misc] Support Mailinglist (cacert-support@lists.cacert.org) bounces mails 0000373: [misc] Password reset (epilitimus) 0000368: [web of trust] Wrong URL for Location Editing (epilitimus) 0000367: [website content] e-mail contact via contact formular on www.cacert.org to find assurer seems not to be working (epilitimus) 0000365: [website content] Class3 Fingerprint (Sourcerer) 0000364: [website content] Text Download for Root Certs (epilitimus) 0000345: [certificate issuing] Class 3 client certificates are not accepted for email signing by SeaMonkey and Thunderbird (epilitimus) 0000343: [GPG/PGP] Don't get my gpg key signed, but no error message (duane) 0000337: [certificate issuing] Race condition in the Database (Sourcerer) 0000334: [organisational section] OU value not set in an Organisational certificate even though "Department" is supplied when creating certificate 0000324: [certificate issuing] Cannot issue "Client cert" with OU from the new org client cert form 0000322: [web of trust] Alternative names aren´t found (Sourcerer) 0000312: [certificate issuing] removed except the CommonName field (Sourcerer) 0000280: [my account] Impossible to be localised in France 0000258: [GPG/PGP] signs uids with unverified email addresses (Sourcerer) 0000236: [GPG/PGP] I always get "No emails found on your key" when trying to sign a GPG Pubkey (Sourcerer) 0000202: [certificate issuing] broken index.txt (Sourcerer) 0000184: [GPG/PGP] No Resigning, when GPG-Key is signed (Sourcerer) 0000139: [GPG/PGP] CAcert does not sign previously signed Sub-IDs (Sourcerer) 0000059: [certificate issuing] Problem in translation (Sourcerer) 0000054: [organisational section] Issue org code signing certs (Sourcerer) 0000027: [website content] 0000022: CAcert certificate seal verification service broken 0000409: [certificate issuing] Emails after cert generation have wrong link to certificate (Sourcerer)
39 issues View Issues
Released 2006-01-01
0000317: [certificate issuing] SHA-2 support (duane) 0000002: [account administration] [Support] Need web interface to modify the DOB of a user 0000056: [account administration] EMail Ping not safe enough 0000128: [organisational section] Need to get the email list of the org admins 0000065: [website content] Security Hole: CrossSiteScripting (duane) 0000145: [logged out] Beware of the Evil ... 0000158: [source code] Inserting text into the CAcert website 0000161: [source code] concerning variable reuse 0000164: [source code] org eat org 0000175: [website content] We need a way to shutdown the website (Sourcerer) 0000181: [web of trust] Double Assurance (Sourcerer) 0000183: [source code] don't trust my names 0000194: [source code] Don't trust the users (Sourcerer) 0000195: [source code] Session Security 0000200: [web of trust] creating client certs with arbitrary names included 0000203: [misc] old versions (duane) 0000205: [website content] [security bug] information gathering 0000206: [source code] [security bug] bad style of programming 0000208: [source code] [security bug] unverified SQL injeciton in gpg.php (Sourcerer) 0000217: [source code] remove old functionality for CSR 0000218: [source code] variables not reset 0000245: [GPG/PGP] Shell escape 0000265: [certificate issuing] Server certificate included extra DNS names (Sourcerer) 0000286: [my account] language issues (1/2) 0000289: [misc] Exploiting whois and the add domain function 0000309: [misc] New DNS servers (evaldo) 0000335: [misc] OCSP responds "unknown" (Sourcerer) 0000374: [website content] thawte verification wiki 0000355: [account administration] Separation of Admin and Organisation-Assurer (Sourcerer) 0000354: [website content] translation on page https://www.cacert.org/index.php?id=5 and other small corrections (wonderer) 0000351: [website content] little corrections on http://www.cacert.org/index.php?id=51&lang=de_DE 0000344: [GPG/PGP] Can't delete gpg key 0000342: [GPG/PGP] Menu order: GPG/PGP Keys 0000331: [organisational section] "Organisation Assurance" gives only error message "Parse error: syntax error, unexpected T_IF in /www/pages/wot/11.php on line 1 0000323: [organisational section] Cannot add and remove an admin to/from an organisation 0000321: [website content] PHP Error when trying to install certificate into IE7 (duane) 0000319: [translations] Untranslated logos page (aanriot) 0000316: [web of trust] Redesign of the CAP/TTP forms 0000314: [website content] localised a assurrer in Ingolstadt, Bayern, Germany (776272) (Sourcerer) 0000311: [web of trust] You are receieving this email as you are the listed contact for: ??? (blank) 0000308: [source code] tverify missing (Sourcerer) 0000306: [web of trust] ID copies (Sourcerer) 0000296: [translations] german translation "März" not "Mrz" 0000295: [translations] english text in german page 0000302: [website content] in Germany we have ä, ö and ü | the cities in your db are only written with a o u and not with ae oe ue 0000300: [my account] assured people don`t get points from me 0000299: [source code] sqldump without ; (Sourcerer) 0000298: [website content] ©2002-2005 by CAcert 0000294: [translations] english text in german translation 0000293: [translations] english text in german translation 0000297: [translations] missing translations to german in menu on right side (duane) 0000292: [translations] The german translation are not display complete (duane) 0000288: [misc] Bad usage of checkEmail 0000284: [account administration] move the LostPassphrase answers (+questions) to an additional page (duane) 0000283: [account administration] move the DOB editing to a seperate page (duane) 0000281: [source code] make.php.dist (duane) 0000278: [web of trust] Location DB Admin broken (duane) 0000277: [website content] Secure IRC missing (duane) 0000275: [certificate issuing] Race condition 0000274: [website content] More information about CAcert Inc. (duane) 0000271: [source code] dsffdfdd 0000267: [source code] register globals CSR (duane) 0000266: [account administration] My Alerts reset 0000261: [my account] not listed as assurer although defined "i want to be listed" as well as the correct region "Wien, Wien, Austria" 0000256: [certificate issuing] Cert Renewal Problem - Link to Wiki 0000255: [account administration] Mantis email interface is not RFC compliant 0000252: [translations] Translation not working at all (Sourcerer) 0000248: [account administration] password reset does not work in admin mode (duane) 0000244: [account administration] AJAX (location) From stopped working (duane) 0000240: [web of trust] OCSP response signer's certificate expired 0000233: [account administration] marriage 0000229: [certificate issuing] no "cancel" Button (wonderer) 0000228: [account administration] No confirmation mail after registration 0000219: [web of trust] "Find an Assurer" unusable (at least without javascript) 0000212: [source code] Missing "Your Certificate is about to expire" scripts 0000211: [website content] in index/1.php, there is irritating text 0000210: [misc] unabled to add .EU domain / Cookie issue with Mozilla (duane) 0000209: [source code] unauthenticated access on the test1 website (duane) 0000201: [web of trust] incorrect baltic character encoding/font on CAP form 0000199: [misc] necessary security update for wordpress blog software 0000191: [my account] "Assurance Points You Issued" entries are out of sequence 0000189: [account administration] Can login with Certificate but can't change Password 0000187: [website content] Website menu : Point system (duane) 0000185: [my account] Irritating message when trying to log into unverfied account 0000182: [source code] index.php?id=2 always writes confirmation message 0000180: [organisational section] man in the middle attack to mails (Sourcerer) 0000178: [account administration] missing numbering of Assurances 0000177: [account administration] Safety question for 0 points assurance (Sourcerer) 0000174: [translations] Deutsche Übersetzung der Startseite, Gebü_h_ren bitte mit h (duane) 0000171: [source code] missing email notification 0000170: [web of trust] Set focus to email field on load 0000169: [website content] Use https for bugs.cacert.org (Sourcerer) 0000168: [my account] Add secondary contact language 0000167: [web of trust] No points might be added because the member already has got 35 points (Sourcerer) 0000166: [website content] Better usability for new localization 0000163: [account administration] Avoid a user to put 5 time the same question in the Q/A password recovery system 0000162: [source code] Useless setting of $id 0000160: [source code] "pointsalready <= 1500" makes no sence (duane) 0000159: [source code] $_SESSION['profile']['email'] in index/4.php 0000157: [source code] index/0.php uses initialized $rss 0000155: [source code] unparsed variables used in mysql query 0000154: [source code] Privacy concern 0000153: [source code] _SESSION['config'] doesn't exist 0000151: [account administration] Admin function to remove notification settings for users (Sourcerer) 0000150: [source code] Who is organized? 0000148: [GPG/PGP] site shouldn't rely on magic_quotes_gpc turned on 0000147: [website content] useless $key = $val 0000146: [source code] Unparsed variable written to session variable 0000142: [organisational section] The location db listing page should show the long/lat values of places (duane) 0000141: [website content] Certificate Classes need explanation (Sourcerer) 0000140: [website content] Please rename link "Further Information" or move it else where 0000136: [web of trust] How to get a blank CAP "WoT" or TTP form ? 0000132: [website content] Collision in variable names (Sourcerer) 0000125: [my account] wrong confirmationmessages if account was not validated (duane) 0000122: [organisational section] System Admin, Location DB: edit does not work 0000121: [website content] Help Translation Bug (Sourcerer) 0000116: [organisational section] Org master should be able to delete org admins 0000115: [account administration] Organisation Domain listing (Sourcerer) 0000112: [website content] A link to the mailing list index page would be useful (evaldo) 0000110: [account administration] View Domains (MichaelDiederich) 0000108: [account administration] Delete Email Accounts (MichaelDiederich) 0000101: [organisational section] Allowing organisational users to set any OU during certificate requests 0000094: [website content] Improved Errormessages (Sourcerer) 0000093: [account administration] Storing the original points that were awarded by assurance, even if rounded down afterwards (Sourcerer) 0000092: [account administration] Logging of the email addresses and the account of the person that generates an Email Ping (Sourcerer) 0000088: [my account] Check for security questions with the same answer 0000084: [certificate issuing] Organisational web certs do not include any attributes besides CN 0000083: [certificate issuing] Random Number exhaustion (duane) 0000080: [account administration] Account blocking/lockout feature request 0000076: [certificate issuing] Inclusion of the Certificates information (CN, O etc) in the cert expiration warning mail 0000074: [translations] Some less detail required (about 29.98 days == > about 30 days) 0000073: [translations] Untranslated texts in certificate renewal reminder e-mail 0000071: [website content] Certificate Login - usability problem (Sourcerer) 0000058: [certificate issuing] Expire policy compliance 0000046: [website content] Add another CRL link 0000036: [website content] 0000014: Image Translation (duane) 0000033: [website content] 0000008: Contact Us Page (Forms) 0000032: [website content] 0000007: Stylesheets for h3 tag 0000031: [website content] 0000006: Further Information Page 0000030: [GPG/PGP] 0000033 GPG Keysigning Broken for RSA Keys? 0000029: [my account] 0000029: Max Points on cap.php forms makes no sence 0000025: [website content] 0000020: Change-Language Links all Link to index.php 0000018: [website content] 0000032 Autocomplete should be set to off for LostPassword Questions 0000016: [website content] 0000018: Wrong or missing information on CAcert pages 0000014: [web of trust] 0000019: Tverify does not work in some cases : wrong thawte cert verification assumptions ?
145 issues View Issues
Released 2005-01-01
0000050: [my account] problem in assurance point handling 0000113: [account administration] Rounding errors 0000107: [account administration] Replacing Locations for France 0000098: [website content] Calendar on blog.cacert.org seems to have RAM Problems 0000097: [website content] URL points to MantisBT instead of CAcert.org 0000085: [website content] Login Redirect broken (duane) 0000079: [website content] Location Database: Rename London 0000072: [my account] Location needs to be renamed 0000063: [web of trust] I issued ZERO assurance points by mistake 0000062: [certificate issuing] Interoperability between Symantec Web Security Server and CAcert (duane) 0000011: [certificate issuing] Class 3 certificate migration (duane) 0000007: [organisational section] Mantis is misconfigured (duane) 0000004: [my account] 0000030: Missing Cities in the WoT Assurer Location list (duane)
13 issues View Issues
CATS.cacert.org - Change Log
Released 2008-01-04
0001245: [Admin Interface] Admin Interface does not accept non-ASCII characters in question text and description (Ted) 0001303: [Other] TLS of cats.cacert.org is weak and outdated (jandd) 0001140: [User Interface] Show if a test is passed in learnprogress (Ted) 0001161: [Result Upload] Handle error reports by server in UploadResults.pl 0000756: [Admin Interface] While editing answers to questions of type multiple choice. It's not possible to add answers. (Ted) 0000757: [User Interface] For some reason I really expect the CAcert logo to be hyperlinked to de website. (Ted) 0000889: [User Interface] Login with Client Certs class3 doesn't work - login with Client Cert Class1 works (Ted) 0000514: [User Interface] logged in as box not visible with Safari 3.0.4 (tigerp) 0000510: [User Interface] Organisation certificates must not be accepted for Login (Ted) 0000474: [Database] Privacy issues concerning user table (Ted) 0000476: [Database] user_address table contains sensitive information and should be treated as such (Ted) 0000472: [User Interface] Progress cannot be shown (Ted)
12 issues View Issues