|Topic:||Cross Site Request Forgery (CSRF) in messaging setting
|Versions affected:||< 1.6.8, < 1.7.6, < 1.8.7, < 1.9.3|
|Reported by:||internal code review|
|Solution:||update to latest releases|
Description:The messaging settings page was exposed to a CSRF vulnerability because it wasn't protected by the sesskey mechanism.