Main CAcert Website - Change Log
Released 2014-12-31
- 0001341: [my account] Rate limit for login attempts (BenBE)
- 0001361: [GPG/PGP] Remove dead code from gpg.php file (BenBE)
- 0001146: [website content] push the clean DRAFT TTP-assisted-assurance Sub policy onto the main website (NEOatNHNG)
- 0000773: [certificate issuing] No confirmation of revocation of server certificate (BenBE)
- 0000597: [account administration] email notification for revoked certificates (BenBE)
- 0001345: [website content] replace DRAFT CCA with POLICY CCA (BenBE)
- 0001131: [website content] Rename _all_ Policies from .php to .html and fix all links (was: Rename PolicyOnPolicy.php to .html) (NEOatNHNG)
- 0000482: [account administration] Certificates are automatically revoked on deletion of email address
8 issues View Issues
Released 2014-09-30
- 0001262: [misc] SslLabs B rating (if trust issues are ignored) for cacert.org SSL/TLS setup (wytze)
- 0000790: [organisational section] Creating organisation client certs by pasted CSR (NEOatNHNG)
- 0000824: [organisational section] Organisation User Certificates: Need UI improvement for proper production usage (Uli60)
- 0001318: [source code] E-Mail Probe does not consider mx priorities (NEOatNHNG)
- 0001289: [certificate issuing] CACert.Org Intermediate Cert Still Signed With MD5 (wytze)
- 0000028: [certificate issuing] 0000026 Wrong language for ''you've been assured'' & ''[CAcert.org] Client Certificate'' emails (NEOatNHNG)
- 0001192: [website content] Check on log into the account if user aggreed to CCA, if not prompt him an acception form (BenBE)
- 0001314: [misc] SSL/TLS support for SSL3 protocol and 3DES cipher suite should be disabled (wytze)
- 0001301: [account administration] sanitizeHTML function converts input which contains non-ascii characters to an empty string (NEOatNHNG)
- 0001273: [source code] Replace all backtick operators with calls to runCommand() or shell_exec() (NEOatNHNG)
- 0000119: [GPG/PGP] Policy URL (Sourcerer)
11 issues View Issues
Released 2014-06-30
- 0001288: [account administration] Support STARTTLS when doing a ping mail (NEOatNHNG)
- 0001263: [certificate issuing] Feature Request: Support OpenNIC TLDs (wytze)
- 0001226: [web of trust] add DoB to selection of assuree (BenBE)
- 0001293: [website content] Replace CCA document with new DRAFT version (BenBE)
- 0001297: [source code] includes/lib/check_weak_key.php is broken after upgrade to Debian Wheezy with openssl 1.0 (BenBE)
- 0001298: [source code] CommModule code requires a trivial change to run with Debian Wheezy (BenBE)
- 0001292: [certificate issuing] Issuing Certificates with "Public Exponent: 1 (0x1)" (BenBE)
- 0001276: [GPG/PGP] Middle Initial Matching for uid on GPG identities (BenBE)
- 0001291: [web of trust] executable code can be entered in location field, executable on wot15 (NEOatNHNG)
- 0001172: [source code] Move the database engine from myISAM to InnoDB (BenBE)
- 0001283: [web of trust] WoT Contact form shows additional locales double-HTML-encoded (egal)
- 0001281: [website content] Internal Error on training page (egal)
- 0001280: [web of trust] WOT: Contact Assurer form does not print preferred language (BenBE)
13 issues View Issues
Released 2014-03-31
- 0000929: [misc] GPG/PGP menu items expand the wrong root (BenBE)
- 0001221: [web of trust] Inconsistency in Assurance Management (BenBE)
- 0001138: [account administration] Implement to log the SE activity (NEOatNHNG)
- 0000413: [certificate issuing] Add a web page indicating the certificate request is still pending (BenBE)
- 0001275: [organisational section] Missing quotes around"masteracc" array index (BenBE)
- 0001272: [certificate issuing] Arbitrary Code Execution via SQL injection on certain database fields (NEOatNHNG)
- 0001266: [certificate issuing] Second-Level SQL Injection in Certificate-related queries (NEOatNHNG)
- 0001184: [GPG/PGP] Hex2bin function (BenBE)
- 0001265: [misc] Notification about Heartbleed OpenSSL bug to members (BenBE)
9 issues View Issues
Released 2013-12-31
- 0001137: [web of trust] Record the CCA acception for entering an assurance (BenBE)
- 0001237: [certificate issuing] Certificates should be issued using sha512WithRSAEncryption for signatures (NEOatNHNG)
- 0001070: [account administration] Certain account passwords are logged in web server error log. (NEOatNHNG)
- 0000448: [certificate issuing] when revoking a certificate, confusing info is given to the user (NEOatNHNG)
- 0001257: [account administration] CCA statistics generates error entry (BenBE)
- 0001239: [account administration] Increase textbox size for the secret questions during account creation (NEOatNHNG)
- 0001255: [certificate issuing] DSA certificate issuing ignores key strength (wytze)
- 0000440: [certificate issuing] Problem with subjectAltName (NEOatNHNG)
- 0001218: [certificate issuing] client cert issued no longer exportable with private key (class3). IE10 certs usage broken (NEOatNHNG)
- 0001135: [source code] Extend database table AdminLog et al (egal)
- 0000530: [certificate issuing] XMPP extension not present after renewal
- 0001035: [certificate issuing] CN gets deleted from subjectAltName on cert renewal
- 0000768: [certificate issuing] CAcert adds CommonName to SubjectAltName, although it's already there
- 0001195: [certificate issuing] Take out change ability on pages/account/6.php (wytze)
- 0001229: [website content] add short info to the create account page, that and why correct names should be entered (NEOatNHNG)
- 0001236: [account administration] Security questions rejected invalid on adding middle name (NEOatNHNG)
- 0001244: [website content] Put explanation text on front page (NEOatNHNG)
- 0001234: [web of trust] Link on assure someone ponts to the wrong web page (BenBE)
18 issues View Issues
Released 2013-09-30
- 0000918: [certificate issuing] Weak keys in certificates (NEOatNHNG)
- 0001005: User is shown in find an Assurer while account is deleted (INOPIAE)
- 0001199: [GPG/PGP] arbitrary code injection (BenBE)
- 0001064: [source code] Review the code regarding the new point calculation in ./scripts/areacheck.php (NEOatNHNG)
- 0001045: [source code] Review the code regarding the new point calculation in ./scripts/cron/removedead.php (NEOatNHNG)
- 0001010: [organisational section] Reorder the view on organisation certificates (BenBE)
- 0001004: [misc] performance of CAcert webserver is hampered by simultaneous stats.php execution (BenBE)
- 0001219: [account administration] In SE console the GPG certificate statistics show wrong value for expired certs (NEOatNHNG)
- 0001213: [website content] "certifictate" is spelt incorrectly (egal)
- 0001208: [web of trust] Improve readability of "Assure someone" page (BenBE)
- 0000411: [website content] Wrong text is made into link (INOPIAE)
- 0000569: [my account] output order when removing email address (NEOatNHNG)
- 0001182: [misc] Fix Deprecation messages sqldump.php (NEOatNHNG)
- 0000380: [account administration] User management functions
- 0001003: [account administration] Provide a possibility to regularly review the permissions in the system (NEOatNHNG)
- 0000998: [web of trust] When entering an assurance in the WoT one line of the form the suffix is given in another line the suffix is missing. (INOPIAE)
- 0001090: [misc] Attempts to add existing e-mail to an account results in invalid / misleading error message (INOPIAE)
- 0000111: [certificate issuing] Private key backup (Sourcerer)
- 0000646: [web of trust] confusing link labels, 3 different names for the same assurance form (MartinGummi)
- 0000434: [website content] Formatting of news on start page (INOPIAE)
20 issues View Issues
Released 2013-06-30
- 0000782: [my account] Add "notes" field to certificate information (NEOatNHNG)
- 0001136: [account administration] Extend SE console with the functionality to revoke all user certificates of an user account (BenBE)
- 0000893: [Audit issues] Extend Delete account feature for support (INOPIAE)
- 0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE)
- 0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE)
- 0001200: [GPG/PGP] uses configuration files from world-writable directory (BenBE)
- 0001123: [certificate issuing] Add the Check CCA acception to all certificate creation processes (BenBE)
- 0001177: [account administration] Combine wot.inc.php, notary.inc.php and temp-function.php (BenBE)
- 0001190: [website content] News does not display teaser (NEOatNHNG)
- 0001206: [GPG/PGP] gpg signing does't work (wytze)
- 0000663: [misc] Add "view personal" information sub menu to the "my details" menu (BenBE)
- 0001017: [certificate issuing] Chrome certificate enrollement (NEOatNHNG)
- 0001198: [website content] Change membership fee currency from USD to EUR (NEOatNHNG)
- 0000589: [certificate issuing] Replace old "agreement" on new certificate page with checkbox agree to CCA (INOPIAE)
- 0000776: [my account] Let the user add a comment to certificates to distinguish them (INOPIAE)
- 0001173: [account administration] While email or domain dispute check if the request belongs to a locked account and stop the process (NEOatNHNG)
- 0001186: [web of trust] Warning when determining MX records of a domain (egal)
- 0001176: [misc] Fix Deprecation messages due to PHP update (BenBE)
- 0000457: [GPG/PGP] missing variable replacement in certificate creation mail (INOPIAE)
- 0000577: [source code] XHTML 1.1 validity of documents not given
- 0000822: [certificate issuing] Please add a sort of description field to server/client certificates (INOPIAE)
- 0000454: [account administration] Please add a description field to the Certificates (INOPIAE)
20 issues View Issues
Released 2013-04-01
- 0000777: [account administration] Slow reply when searching for a user account (INOPIAE)
- 0000922: [account administration] CAcert application code problem causing missing "certificate about to expire" messages (NEOatNHNG)
- 0001159: [source code] it might be possible to execute commands on the signing server (BenBE)
- 0001121: [my account] Record the CCA acception for the account creation (NEOatNHNG)
- 0001102: [website content] New Class3 root Policy links to http://www.CAcert.org/index.php?id=10; page displays: plz correct link (MartinGummi)
- 0000999: [account administration] When revoking an assurance in the SE console the messagebox is unclear (egal)
- 0001134: [source code] Delete the board flag thourougly in all parts of our software (NEOatNHNG)
- 0001008: [account administration] View for SE to see if user is Organisation Admin for which Organisation Accounts (NEOatNHNG)
- 0000740: [website content] How to become an assurer is missleading
- 0001124: [my account] Selection of additional languages, sorting is somewhat strange
- 0000602: [website content] navigation bar - About CAcert.org Menu section missing if logged in
- 0001122: [account administration] Give Support the chance to see when the first and the last CCA acception took place
- 0001094: [my account] Wrong information shown when disputing a domain that is part of a organisation account.
- 0001165: [certificate issuing] Wrong wording for explanation of the organisation assurances. found in ../pages/account/10.php:29
- 0001154: [website content] Failed client cert login message talks about wrong menu item "Normal Login" instead of "Password Login"
- 0001171: [misc] cron-driven warning.php script causes annoying warnings
- 0001099: [misc] Automatic CAcert's root certificate install on Windows via Internet Explorer.
- 0001112: [website content] Exchange the text on the TTP page according to the new TTP programm
- 0001144: [misc] cacert.org enables TLS Compression (which is insecure, CRIME-attack)
- 0001063: [source code] Review the code regarding the new point calculation in ./scripts/nearest.php
- 0000044: [my account] Promoting users to become assured (MartinGummi)
- 0000067: [website content] Website is incomprehensible for first time assurers (tgage)
- 0000483: [certificate issuing] Please send more verbose emails concerning certificate revocation (INOPIAE)
23 issues View Issues
Released 2013-01-01
- 0000964: [certificate issuing] VBscript, Weak Keys script 4.php, 17.php to combine / select box key size and lower limit to 2048
- 0001141: [my account] If i delete Domains, no Servercerts for this domains are listet, even not the revoked
- 0001082: [my account] The text on the login form is not shown inside the grey box
- 0001097: [translations] Special characters which have no HTML-entities are not properly escaped (NEOatNHNG)
- 0001119: [certificate issuing] Error importing CRL to Firefox/Thunderbird
- 0001133: [web of trust] It should not be possible to assure a blocked account (NEOatNHNG)
- 0000512: [organisational section] Org admins must have 100 points (NEOatNHNG)
- 0000795: [account administration] contact form does not signal whether filed request is senstive or open (NEOatNHNG)
- 0001034: Delete files that are no longer needed as they are obsolete after bug fixing (NEOatNHNG)
- 0001009: [website content] Exchange OA policy in the WebDB with the one in SVN (rev p20080401.1) (NEOatNHNG)
- 0001069: [my account] Typo in View 41 (NEOatNHNG)
- 0000888: [Audit issues] to add new assurance method TTP (NEOatNHNG)
- 0001118: [source code] Add new fields to the database (NEOatNHNG)
- 0000930: [web of trust] types wrong points in "Assure Someone" form
- 0000801: [web of trust] Date of assurance should be in user's timezone
15 issues View Issues
Released 2012-10-01
- 0000489: [web of trust] Pb on rewarding 2 points for an assurance (INOPIAE)
- 0001114: [website content] Change CAcert postal address to the current one on index/11.php (NEOatNHNG)
- 0001111: [website content] Change the text on the TTP page according to the new TTP programm (NEOatNHNG)
- 0001110: [translations] Please add new language (NEOatNHNG)
- 0001109: [website content] Add SWIFT Number to Australian Bank Account (NEOatNHNG)
- 0001083: [organisational section] Resize comment field for adding new organisation administrators (BenBE)
- 0001080: [organisational section] The link on page to iso code on account.php?id=24 show no result (BenBE)
- 0001074: [web of trust] Wrong display of method on points page wot.php?id=10 (Uli60)
- 0000978: [certificate issuing] Invalid SPKAC requests are not properly validated (BenBE)
- 0000977: [account administration] admin console Sysadmin - find domain - lists 2 tables - one for user accounts, one for org accounts, naming issue (NEOatNHNG)
- 0000860: [my account] someone accessed your password and secret questions page, plz change pwd translation mixed and garbled, text is tanslated in TL (BenBE)
- 0000590: [account administration] Join procedure must get Agreement to CCA (Uli60)
- 0001091: [web of trust] Improve message to Assurer (egal)
- 0001125: [website content] Testsystem main page, contact form, better text
- 0001106: [source code] Add new fields to the database (INOPIAE)
- 0001081: [translations] https://secure.cacert.org/account.php shows funny characters (INOPIAE)
- 0000975: [account administration] report potential database inconsistency in SE console (debug infos) (Uli60)
- 0000938: New Org Client Certs form with two buttons and only one function? (Uli60)
- 0000857: Button on confirmation page after sending an email to contact an assurer is in English instead of German (INOPIAE)
- 0000715: Ability to mass-mail Assurers
- 0000579: [certificate issuing] Link text does not change with its own function. (INOPIAE)
- 0000568: [certificate issuing] client certificate login ability not saved on submission
- 0000543: [website content] The "Join"-page https://www.cacert.org/index.php?id=1 needs some info how names should be entered
- 0000516: [website content] Copyright notice stating 2006 when logged in
- 0000507: [website content] house style incorporation into web pages (INOPIAE)
- 0000503: [website content] use new CAcert logo (INOPIAE)
- 0000502: [website content] reference to policy documents on web site
- 0000468: [certificate issuing] No Keyids, serials in cert/key lists and emails
- 0000435: [GPG/PGP] typos in cert email creation (INOPIAE)
- 0000433: [account administration] The example password can be used on registration (INOPIAE)
- 0000424: [account administration] Text for domain validation insufficient (INOPIAE)
- 0000423: [certificate issuing] Add Support for Organizational (Organisational) Codesigning Certificates (INOPIAE)
- 0000383: [certificate issuing] You've been assured e-mail has a typo (english)
- 0000379: [account administration] problem on page "forgotten password"
- 0000370: [translations] The form to find an Assurer is not translated. (INOPIAE)
- 0000362: [certificate issuing] Organisational Code Signing Certificates (INOPIAE)
- 0000315: [organisational section] Broken Org admin link / try and add an Org admin
- 0000307: [source code] make_hash broken (INOPIAE)
- 0000235: [website content] would like to have statistics per region back
- 0000214: [certificate issuing] Uniqueness of public keys accross different users (Sourcerer)
- 0000123: [account administration] Find user does not show unverified users (INOPIAE)
- 0000103: [account administration] Administrative interface doesn't show certificates (INOPIAE)
- 0000095: [website content] Assurance suggestion
- 0000042: [website content] Add a link to the HowTo´s, that are available on the Frontpage
- 0000039: [GPG/PGP] 0000028: Add the PGP Key ID to the list of signed Keys (Sourcerer)
- 0000034: [website content] 0000010: Contact Us Page (General Layout)
- 0000023: [website content] 0000013: Cookie-Warning on Login Page
- 0000020: [website content] 0000005: General wording
48 issues View Issues
Released 2012-07-01
- 0000981: [organisational section] New layout of view for Organisation Administraors in account/id35 (NEOatNHNG)
- 0001075: [web of trust] On the assure someone page the links to the CAP-forms do not work (NEOatNHNG)
- 0001024: [misc] Assurer flag is not set correctly on updatesort.php run (NEOatNHNG)
- 0001019: [my account] Contact form does not work when logged in! (NEOatNHNG)
- 0000967: [organisational section] Give an OA the oppertuntiy to check if a desiginated Organisation Admininistrator is a CAcert assurer (egal)
- 0000866: [source code] code fix in /scripts/addpoints.php (edgarwahn)
- 0000855: [account administration] Fix adding TTP assurance method on testserver (was: admin console lists "empty" and "Unknown" ...) (Uli60)
- 0000789: [organisational section] Editing domain for organisations does not work (NEOatNHNG)
- 0000003: [certificate issuing] Single Character Middle Initial clear name from subject (Uli60)
9 issues View Issues
Released 2012-04-01
- 0000460: [GPG/PGP] Please disable GPG signing until we have a production-quality system (Sourcerer)
- 0000571: [account administration] need for email addresses (or link) in admin console (NEOatNHNG)
- 0001072: [my account] CATS results don't get imported due to IP address change (NEOatNHNG)
- 0001041: [translations] German version of new point calculation inconsistend in use of "Sie" and "Du" (NEOatNHNG)
- 0001033: [web of trust] User can grant more then 35 points (NEOatNHNG)
- 0001027: [website content] Add information for affiliate program from booking.com (egal)
- 0001014: [web of trust] Remove the system of automatically adding a timestamp (INOPIAE)
- 0001011: [translations] HTML tags in translations are not escaped (NEOatNHNG)
- 0001002: [web of trust] Contact Assurer form leaves a funny comment after sending (NEOatNHNG)
- 0000997: [web of trust] Two confusing strings (INOPIAE)
- 0000606: [translations] French translation for "Assure Someone" (INOPIAE)
- 0000567: [web of trust] Cannot assure someone with uppercase letters in the email address (INOPIAE)
12 issues View Issues
Released 2012-01-01
- 0000664: [website content] Bad Mime-type for the DER root certificates (wytze)
- 0001029: [website content] Improvement: Query database for fingerprint / public key of every cacert.org login (Uli60)
- 0000985: [translations] Move from translingo to pootle (Ted)
- 0000794: [account administration] visibility over certificates for sysadm in account administration (egal)
- 0000451: [certificate issuing] typo problem in Certificate Expired message (English version)
5 issues View Issues
Released 2011-10-01
- 0000827: [tverify] Tverify points to be deprecated (egal)
- 0000966: [organisational section] Delete Admin for [organization] deletes admin even though cancel button is pressed (Ted)
- 0000957: [organisational section] Resize the comment field on https://secure.cacert.org/account.php?id=27 so more information is visible (NEOatNHNG)
- 0000909: [source code] too many error messages logged by php code (Uli60)
- 0000968: [source code] split 0000909: too many error messages logged - part II - general.php (Ted)
- 0000908: [source code] Session unregister when logging out seems to contain bugs (Uli60)
- 0000894: [Audit issues] problems with check-boxes on website forms (Assure someone) -> a20091118.3 (NEOatNHNG)
- 0000882: [account administration] display Assurance when field in list of assurances received, assurances given by a user in admin console interface (Uli60)
- 0000871: [website content] Typo in german CAP Form (Uli60)
- 0000596: [account administration] add column serial# in certs overviews (client, server, orgclient, orgserver) (NEOatNHNG)
- 0000976: [misc] List of update request for webdb database structure upgrade with tables / fields (Uli60)
- 0000846: [website content] Better guidance of bonafide members in Join Form about Suffixes they doesn't have in their ID doxs (a20100207.2) (Ted)
12 issues View Issues
Released 2011-07-01
- 0000954: [certificate issuing] script to bulk revoke weak keys (Ted)
- 0000940: [website content] Outsource Webdb text pages help.php?id=0..9 to wiki (Ted)
- 0000963: [source code] Logout Session not completely reset (NEOatNHNG)
- 0000959: [web of trust] add points tbl A unverified add (NEOatNHNG)
- 0000955: [organisational section] Possibilty to change the sorting order for the organisation overview (Uli60)
- 0000948: [source code] Email address verification violates SMTP protocol (Uli60)
- 0000942: [misc] CATS import interface is not fit to handle non-Assurer Challenge tests (NEOatNHNG)
- 0000921: [Audit issues] http://www.cacert.org/index.php?id=10 fixes PP (Privacy Policy) (Uli60)
- 0000911: [GPG/PGP] Wrong expiration time in newly added GPG Key if Key has no Expire date (NEOatNHNG)
- 0000910: [website content] Replace "Board" list under http://www.cacert.org/index.php?id=8 with Wiki Link (Ted)
- 0000897: [website content] Prerequisites to do code signing differ in About->Point System and CPS (Uli60)
- 0000868: [translations] Hint to the root distribution license is broken in german translation (Uli60)
- 0000841: Problems on cert login with "duplicate" serial numbers (WAS: Cannot create client certificate at https://cacert1.it-sls.de/) (NEOatNHNG)
- 0000819: [source code] Comparison instead of Assignment (NEOatNHNG)
- 0000818: [source code] Syntax Errors in Unused Code (NEOatNHNG)
- 0000717: [misc] Certificate login does not work for certificates signed by the class 3 root (Uli60)
- 0000716: [website content] non-intuitive to find out if one’s still an assurer (Uli60)
- 0000637: [logged out] Password suggestion always the same (NEOatNHNG)
18 issues View Issues
Released 2011-04-01
- 0000896: [source code] Remove translation files from tarballs (edgarwahn)
- 0000845: Cannot verify additional email address (Uli60)
- 0000821: [my account] CAcert does not link my secondary email account to my acount (Uli60)
- 0000665: [certificate issuing] Intermediate level-3 certificate is MD5-signed (Uli60)
- 0000946: [misc] class3 subroot resign procedure - rollout (Uli60)
5 issues View Issues
Released 2010-10-01
- 0000895: [my account] Login to Testserver-Mgmt-System doesn't work (identified to have special char "§" in password) (edgarwahn)
- 0000876: [website content] NRP-DaL to be removed immediately (NEOatNHNG)
- 0000867: [source code] code fix in /www/wot.php (edgarwahn)
- 0000865: [misc] removal of unused /pages/wot/7-old.php (edgarwahn)
- 0000831: [misc] (Missing) IPv6 DNS entries make mailserver reject mails (wytze)
- 0000515: [website content] Please add a huge notice that TTP is not available in certain countries on TTP info page and forms (Uli60)
6 issues View Issues
Released 2010-07-01
- 0000853: [account administration] Feature request: Addition to the SE interface so that it is possible to add and remove arbitraty numbers from Experience Points (Uli60)
- 0000829: [website content] NRP-DaL to be removed from website, replaced by RDL (edgarwahn)
- 0000804: [account administration] Don't show the requested pass phrase in the mail sent to support (Sourcerer)
- 0000326: [account administration] searching for domain IDs (Sourcerer)
4 issues View Issues
Released 2009-10-01
- 0000730: [website content] statistics pages are slow (Sourcerer)
- 0000793: [source code] stats.php consumes big time to finish - add caching feature (Sourcerer)
- 0000673: [web of trust] wot.php Assurance Confirmation page has errors
- 0000134: [website content] Topic Text (wonderer)
- 0000133: [web of trust] find assurer shows wrong places (wonderer)
- 0000130: [certificate issuing] Certificate Identifier seems wrong (wonderer)
6 issues View Issues
Released 2009-04-01
- 0000207: [source code] [security bug] cross site scripting
- 0000215: [certificate issuing] Challenge isn´t verified on SPKAC requests (Sourcerer)
- 0000378: [source code] CCSR API SQL Injection (Sourcerer)
- 0000449: [website content] Bad web link on Orga Assurance page (Sourcerer)
- 0000544: [certificate issuing] personal client certificates without login capability (Sourcerer)
- 0000556: [certificate issuing] org certificate renewal doesn't work (Sourcerer)
- 0000582: [organisational section] Can not issue organisation server certificate (Sourcerer)
- 0000749: [website content] Broken Link on https://www.cacert.org/policy/AssurancePolicy.php (Sourcerer)
- 0000747: [translations] Assure someone => start notify mail => ERROR! Mail has sent (Uli60)
- 0000743: [website content] [Patch] cacert/pages/account/55.php: call to gettext inside a string (Sourcerer)
- 0000722: [Audit issues] server cert of OSCP server is expired (Sourcerer)
- 0000720: [my account] Unable to join (Sourcerer)
- 0000718: [website content] Broken Link: About CAcert - Mailing Lists (Sourcerer)
- 0000712: [translations] Typo in German domain verification mails
- 0000693: [website content] About- CAcert Board webpage can not be managed
- 0000668: [GPG/PGP] Confusing Output on key with a single UID (Sourcerer)
- 0000662: [certificate issuing] Issuing certificates via the CertAPI facility does not work [solution known] (Sourcerer)
- 0000651: [misc] Useless use of UTF-8 MIMEWords in E-Mail subjects (Sourcerer)
- 0000588: [account administration] Turn off old "candidate" Assurers (Uli60)
- 0000570: Change Your Authority Name from "Root CA" to "CAcert CA" + CRL distribution pbs
- 0000564: [website content] security contact information (Sourcerer)
- 0000522: DNS A record required to verify domain ownership
- 0000506: [web of trust] CCA agreement marking check on assurance page (teus)
- 0000504: [account administration] CCA agreement in CAP/COAP forms (teus)
- 0000443: [my account] All locations for Slovenia are broken (Sourcerer)
- 0000336: [certificate issuing] Verification mail and pages (Sourcerer)
- 0000227: [GPG/PGP] mysql_real_escape_string sometimes prevents adding of gpg keys (Sourcerer)
- 0000106: [website content] PHP Settings improvement (Sourcerer)
- 0000057: [GPG/PGP] Recognize multiple GPG keys in a signing request (Sourcerer)
- 0000012: [GPG/PGP] revoked subkeys are also tried to be signed (Sourcerer)
- 0000009: [account administration] a web ssl-enabled interface to upload sensitive documents for support@cacert.org
31 issues View Issues
Released 2009-01-01
- 0000702: [certificate issuing] new domain certificate request page there is a broken link to /docs/ (Sourcerer)
- 0000694: [website content] About- CAcert Board webpage can not be managed
- 0000675: [account administration] Support request to add the location Hoogezand-Sappemeer to the database (teus)
- 0000493: [misc] mantis could include additional projects
- 0000186: [web of trust] agreement on the CAP forms (teus)
- 0000708: [account administration] CCA checkbox doesn't work, no registration possible (Sourcerer)
6 issues View Issues
Released 2008-01-01
- 0000412: [misc] please remove sqldump.php (Sourcerer)
- 0000480: [certificate issuing] Can't renew/revoke certificate (Sourcerer)
- 0000521: [GPG/PGP] Wrong expiration date (Sourcerer)
- 0000600: [source code] NS Client certs can be created with an arbitrary email address attached. (Sourcerer)
- 0000643: [my account] verify domain fails
- 0000640: [certificate issuing] Root cert returns 404 (Sourcerer)
- 0000605: [website content] bugs.cacert.org => General information
- 0000604: [translations] German Translation: Menu section "Streifälle/Mißbrauch"
- 0000603: [translations] Deutsche Uebersetzung: My Details - My Points
- 0000599: [source code] XSS exploit in general.php/waitForResult (Sourcerer)
- 0000595: [source code] Arbitrary addition to list of email addresses valid to verify a domain as being under the control of the user. (TheSourcerer)
- 0000559: [CAcert Stamp] incorrect relativ links (Sourcerer)
- 0000558: [website content] CAcert Board member listing wrong (Sourcerer)
- 0000557: [my account] certificate not revocable (Sourcerer)
- 0000555: [certificate issuing] Impossible to create client certificate with no mailaddress
- 0000542: [website content] certificate expire information on http://www.cacert.org/index.php?id=19 are wrong (Sourcerer)
- 0000501: [website content] assurance challenge notice (Ted)
- 0000499: [my account] Need to store and display "Passed the Assurer Challenge" status (Ted)
- 0000487: [CAcert Stamp] mantis bugtracker needs update to 1.1.1
- 0000419: [certificate issuing] Typo in automated message regarding cert renewal (Sourcerer)
- 0000415: [source code] cacert.sql file in current source download file (20070207) is out of date (Sourcerer)
- 0000414: [tverify] [Tverify] Need a list of still pending request (Sourcerer)
- 0000361: [website content] Orga-Admin area is not Multi-Tab safe (Sourcerer)
23 issues View Issues
Released 2007-01-01
- 0000143: [logged out] nobody is perfekt (Sourcerer)
- 0000310: [misc] New Colo (Sourcerer)
- 0000346: [website content] Root certificate and Fingerprint on unsecure Site (Sourcerer)
- 0000469: [GPG/PGP] No email address shown in keylisting (Sourcerer)
- 0000464: [misc] IRC nicknames cannot be registered if longer that 9 characters
- 0000461: [misc] Bugtracker should default to https
- 0000456: [translations] Error message in https://secure.cacert.org/account.php unstralated (german) (Sourcerer)
- 0000455: [GPG/PGP] GPG key without E-mail address cannot be signed
- 0000453: [organisational section] linking to deleted accounts (Sourcerer)
- 0000447: [GPG/PGP] You can have any arbitrary userid signed with the cacert root key (Sourcerer)
- 0000441: [certificate issuing] ocsp class 3 organisations certifiacte not working (Sourcerer)
- 0000436: [GPG/PGP] Any live SMTP call stage of domain email before domain email checking (Sourcerer)
- 0000432: [web of trust] Error message after sending reminder (Sourcerer)
- 0000418: [website content] Remove links to news.php (Sourcerer)
- 0000417: [website content] http://www.cacert.org/docs/ shows directory listing (Sourcerer)
- 0000410: [certificate issuing] Status of certificate not reflected on website (Sourcerer)
- 0000382: [misc] Support Mailinglist (cacert-support@lists.cacert.org) bounces mails
- 0000373: [misc] Password reset (epilitimus)
- 0000368: [web of trust] Wrong URL for Location Editing (epilitimus)
- 0000367: [website content] e-mail contact via contact formular on www.cacert.org to find assurer seems not to be working (epilitimus)
- 0000365: [website content] Class3 Fingerprint (Sourcerer)
- 0000364: [website content] Text Download for Root Certs (epilitimus)
- 0000345: [certificate issuing] Class 3 client certificates are not accepted for email signing by SeaMonkey and Thunderbird (epilitimus)
- 0000343: [GPG/PGP] Don't get my gpg key signed, but no error message (duane)
- 0000337: [certificate issuing] Race condition in the Database (Sourcerer)
- 0000334: [organisational section] OU value not set in an Organisational certificate even though "Department" is supplied when creating certificate
- 0000324: [certificate issuing] Cannot issue "Client cert" with OU from the new org client cert form
- 0000322: [web of trust] Alternative names aren´t found (Sourcerer)
- 0000312: [certificate issuing] removed except the CommonName field (Sourcerer)
- 0000280: [my account] Impossible to be localised in France
- 0000258: [GPG/PGP] signs uids with unverified email addresses (Sourcerer)
- 0000236: [GPG/PGP] I always get "No emails found on your key" when trying to sign a GPG Pubkey (Sourcerer)
- 0000202: [certificate issuing] broken index.txt (Sourcerer)
- 0000184: [GPG/PGP] No Resigning, when GPG-Key is signed (Sourcerer)
- 0000139: [GPG/PGP] CAcert does not sign previously signed Sub-IDs (Sourcerer)
- 0000059: [certificate issuing] Problem in translation (Sourcerer)
- 0000054: [organisational section] Issue org code signing certs (Sourcerer)
- 0000027: [website content] 0000022: CAcert certificate seal verification service broken
- 0000409: [certificate issuing] Emails after cert generation have wrong link to certificate (Sourcerer)
39 issues View Issues
Released 2006-01-01
- 0000317: [certificate issuing] SHA-2 support (duane)
- 0000002: [account administration] [Support] Need web interface to modify the DOB of a user
- 0000056: [account administration] EMail Ping not safe enough
- 0000128: [organisational section] Need to get the email list of the org admins
- 0000065: [website content] Security Hole: CrossSiteScripting (duane)
- 0000145: [logged out] Beware of the Evil ...
- 0000158: [source code] Inserting text into the CAcert website
- 0000161: [source code] concerning variable reuse
- 0000164: [source code] org eat org
- 0000175: [website content] We need a way to shutdown the website (Sourcerer)
- 0000181: [web of trust] Double Assurance (Sourcerer)
- 0000183: [source code] don't trust my names
- 0000194: [source code] Don't trust the users (Sourcerer)
- 0000195: [source code] Session Security
- 0000200: [web of trust] creating client certs with arbitrary names included
- 0000203: [misc] old versions (duane)
- 0000205: [website content] [security bug] information gathering
- 0000206: [source code] [security bug] bad style of programming
- 0000208: [source code] [security bug] unverified SQL injeciton in gpg.php (Sourcerer)
- 0000217: [source code] remove old functionality for CSR
- 0000218: [source code] variables not reset
- 0000245: [GPG/PGP] Shell escape
- 0000265: [certificate issuing] Server certificate included extra DNS names (Sourcerer)
- 0000286: [my account] language issues (1/2)
- 0000289: [misc] Exploiting whois and the add domain function
- 0000309: [misc] New DNS servers (evaldo)
- 0000335: [misc] OCSP responds "unknown" (Sourcerer)
- 0000374: [website content] thawte verification wiki
- 0000355: [account administration] Separation of Admin and Organisation-Assurer (Sourcerer)
- 0000354: [website content] translation on page https://www.cacert.org/index.php?id=5 and other small corrections (wonderer)
- 0000351: [website content] little corrections on http://www.cacert.org/index.php?id=51&lang=de_DE
- 0000344: [GPG/PGP] Can't delete gpg key
- 0000342: [GPG/PGP] Menu order: GPG/PGP Keys
- 0000331: [organisational section] "Organisation Assurance" gives only error message "Parse error: syntax error, unexpected T_IF in /www/pages/wot/11.php on line 1
- 0000323: [organisational section] Cannot add and remove an admin to/from an organisation
- 0000321: [website content] PHP Error when trying to install certificate into IE7 (duane)
- 0000319: [translations] Untranslated logos page (aanriot)
- 0000316: [web of trust] Redesign of the CAP/TTP forms
- 0000314: [website content] localised a assurrer in Ingolstadt, Bayern, Germany (776272) (Sourcerer)
- 0000311: [web of trust] You are receieving this email as you are the listed contact for: ??? (blank)
- 0000308: [source code] tverify missing (Sourcerer)
- 0000306: [web of trust] ID copies (Sourcerer)
- 0000296: [translations] german translation "März" not "Mrz"
- 0000295: [translations] english text in german page
- 0000302: [website content] in Germany we have ä, ö and ü | the cities in your db are only written with a o u and not with ae oe ue
- 0000300: [my account] assured people don`t get points from me
- 0000299: [source code] sqldump without ; (Sourcerer)
- 0000298: [website content] ©2002-2005 by CAcert
- 0000294: [translations] english text in german translation
- 0000293: [translations] english text in german translation
- 0000297: [translations] missing translations to german in menu on right side (duane)
- 0000292: [translations] The german translation are not display complete (duane)
- 0000288: [misc] Bad usage of checkEmail
- 0000284: [account administration] move the LostPassphrase answers (+questions) to an additional page (duane)
- 0000283: [account administration] move the DOB editing to a seperate page (duane)
- 0000281: [source code] make.php.dist (duane)
- 0000278: [web of trust] Location DB Admin broken (duane)
- 0000277: [website content] Secure IRC missing (duane)
- 0000275: [certificate issuing] Race condition
- 0000274: [website content] More information about CAcert Inc. (duane)
- 0000271: [source code] dsffdfdd
- 0000267: [source code] register globals CSR (duane)
- 0000266: [account administration] My Alerts reset
- 0000261: [my account] not listed as assurer although defined "i want to be listed" as well as the correct region "Wien, Wien, Austria"
- 0000256: [certificate issuing] Cert Renewal Problem - Link to Wiki
- 0000255: [account administration] Mantis email interface is not RFC compliant
- 0000252: [translations] Translation not working at all (Sourcerer)
- 0000248: [account administration] password reset does not work in admin mode (duane)
- 0000244: [account administration] AJAX (location) From stopped working (duane)
- 0000240: [web of trust] OCSP response signer's certificate expired
- 0000233: [account administration] marriage
- 0000229: [certificate issuing] no "cancel" Button (wonderer)
- 0000228: [account administration] No confirmation mail after registration
- 0000219: [web of trust] "Find an Assurer" unusable (at least without javascript)
- 0000212: [source code] Missing "Your Certificate is about to expire" scripts
- 0000211: [website content] in index/1.php, there is irritating text
- 0000210: [misc] unabled to add .EU domain / Cookie issue with Mozilla (duane)
- 0000209: [source code] unauthenticated access on the test1 website (duane)
- 0000201: [web of trust] incorrect baltic character encoding/font on CAP form
- 0000199: [misc] necessary security update for wordpress blog software
- 0000191: [my account] "Assurance Points You Issued" entries are out of sequence
- 0000189: [account administration] Can login with Certificate but can't change Password
- 0000187: [website content] Website menu : Point system (duane)
- 0000185: [my account] Irritating message when trying to log into unverfied account
- 0000182: [source code] index.php?id=2 always writes confirmation message
- 0000180: [organisational section] man in the middle attack to mails (Sourcerer)
- 0000178: [account administration] missing numbering of Assurances
- 0000177: [account administration] Safety question for 0 points assurance (Sourcerer)
- 0000174: [translations] Deutsche Übersetzung der Startseite, Gebü_h_ren bitte mit h (duane)
- 0000171: [source code] missing email notification
- 0000170: [web of trust] Set focus to email field on load
- 0000169: [website content] Use https for bugs.cacert.org (Sourcerer)
- 0000168: [my account] Add secondary contact language
- 0000167: [web of trust] No points might be added because the member already has got 35 points (Sourcerer)
- 0000166: [website content] Better usability for new localization
- 0000163: [account administration] Avoid a user to put 5 time the same question in the Q/A password recovery system
- 0000162: [source code] Useless setting of $id
- 0000160: [source code] "pointsalready <= 1500" makes no sence (duane)
- 0000159: [source code] $_SESSION['profile']['email'] in index/4.php
- 0000157: [source code] index/0.php uses initialized $rss
- 0000155: [source code] unparsed variables used in mysql query
- 0000154: [source code] Privacy concern
- 0000153: [source code] _SESSION['config'] doesn't exist
- 0000151: [account administration] Admin function to remove notification settings for users (Sourcerer)
- 0000150: [source code] Who is organized?
- 0000148: [GPG/PGP] site shouldn't rely on magic_quotes_gpc turned on
- 0000147: [website content] useless $key = $val
- 0000146: [source code] Unparsed variable written to session variable
- 0000142: [organisational section] The location db listing page should show the long/lat values of places (duane)
- 0000141: [website content] Certificate Classes need explanation (Sourcerer)
- 0000140: [website content] Please rename link "Further Information" or move it else where
- 0000136: [web of trust] How to get a blank CAP "WoT" or TTP form ?
- 0000132: [website content] Collision in variable names (Sourcerer)
- 0000125: [my account] wrong confirmationmessages if account was not validated (duane)
- 0000122: [organisational section] System Admin, Location DB: edit does not work
- 0000121: [website content] Help Translation Bug (Sourcerer)
- 0000116: [organisational section] Org master should be able to delete org admins
- 0000115: [account administration] Organisation Domain listing (Sourcerer)
- 0000112: [website content] A link to the mailing list index page would be useful (evaldo)
- 0000110: [account administration] View Domains (MichaelDiederich)
- 0000108: [account administration] Delete Email Accounts (MichaelDiederich)
- 0000101: [organisational section] Allowing organisational users to set any OU during certificate requests
- 0000094: [website content] Improved Errormessages (Sourcerer)
- 0000093: [account administration] Storing the original points that were awarded by assurance, even if rounded down afterwards (Sourcerer)
- 0000092: [account administration] Logging of the email addresses and the account of the person that generates an Email Ping (Sourcerer)
- 0000088: [my account] Check for security questions with the same answer
- 0000084: [certificate issuing] Organisational web certs do not include any attributes besides CN
- 0000083: [certificate issuing] Random Number exhaustion (duane)
- 0000080: [account administration] Account blocking/lockout feature request
- 0000076: [certificate issuing] Inclusion of the Certificates information (CN, O etc) in the cert expiration warning mail
- 0000074: [translations] Some less detail required (about 29.98 days == > about 30 days)
- 0000073: [translations] Untranslated texts in certificate renewal reminder e-mail
- 0000071: [website content] Certificate Login - usability problem (Sourcerer)
- 0000058: [certificate issuing] Expire policy compliance
- 0000046: [website content] Add another CRL link
- 0000036: [website content] 0000014: Image Translation (duane)
- 0000033: [website content] 0000008: Contact Us Page (Forms)
- 0000032: [website content] 0000007: Stylesheets for h3 tag
- 0000031: [website content] 0000006: Further Information Page
- 0000030: [GPG/PGP] 0000033 GPG Keysigning Broken for RSA Keys?
- 0000029: [my account] 0000029: Max Points on cap.php forms makes no sence
- 0000025: [website content] 0000020: Change-Language Links all Link to index.php
- 0000018: [website content] 0000032 Autocomplete should be set to off for LostPassword Questions
- 0000016: [website content] 0000018: Wrong or missing information on CAcert pages
- 0000014: [web of trust] 0000019: Tverify does not work in some cases : wrong thawte cert verification assumptions ?
145 issues View Issues
Released 2005-01-01
- 0000050: [my account] problem in assurance point handling
- 0000113: [account administration] Rounding errors
- 0000107: [account administration] Replacing Locations for France
- 0000098: [website content] Calendar on blog.cacert.org seems to have RAM Problems
- 0000097: [website content] URL points to MantisBT instead of CAcert.org
- 0000085: [website content] Login Redirect broken (duane)
- 0000079: [website content] Location Database: Rename London
- 0000072: [my account] Location needs to be renamed
- 0000063: [web of trust] I issued ZERO assurance points by mistake
- 0000062: [certificate issuing] Interoperability between Symantec Web Security Server and CAcert (duane)
- 0000011: [certificate issuing] Class 3 certificate migration (duane)
- 0000007: [organisational section] Mantis is misconfigured (duane)
- 0000004: [my account] 0000030: Missing Cities in the WoT Assurer Location list (duane)
13 issues View Issues
CATS.cacert.org - Change Log
Released 2008-01-04
- 0001245: [Admin Interface] Admin Interface does not accept non-ASCII characters in question text and description (Ted)
- 0001303: [Other] TLS of cats.cacert.org is weak and outdated (jandd)
- 0001140: [User Interface] Show if a test is passed in learnprogress (Ted)
- 0001161: [Result Upload] Handle error reports by server in UploadResults.pl
- 0000756: [Admin Interface] While editing answers to questions of type multiple choice. It's not possible to add answers. (Ted)
- 0000757: [User Interface] For some reason I really expect the CAcert logo to be hyperlinked to de website. (Ted)
- 0000889: [User Interface] Login with Client Certs class3 doesn't work - login with Client Cert Class1 works (Ted)
- 0000514: [User Interface] logged in as box not visible with Safari 3.0.4 (tigerp)
- 0000510: [User Interface] Organisation certificates must not be accepted for Login (Ted)
- 0000474: [Database] Privacy issues concerning user table (Ted)
- 0000476: [Database] user_address table contains sensitive information and should be treated as such (Ted)
- 0000472: [User Interface] Progress cannot be shown (Ted)
12 issues View Issues