Successfully authenticated to complete the Joomla update.

hmm. If you find this message in your log you have bypassed the token check and authenticated you successfull or not. What about adding this info (bypassed the security checks) to the log?

"Failled to authenticate to complete the Joomla update.

Failled is a typo? Same as above.

Thanks!

Fixed the typo

I guess I dont understand when you would see this in your logs or what it is supposed to mean.

I guess I dont understand when you would see this in your logs or what it is supposed to mean.

In com_joomlaupdate the JSST implemented a Sec / Token check.

But if we come from a older version the needed token is not added to the URL. So we have implemented a fallback that allows us to pass that check even if we have no token, by a authenticate you as Super User. This message should told you that you are gone that route. (bypass that token check because you are comming from a older version)

You're not bypassing the CSRF token check. You've actually failed to match it so you're being prompted to reauthenticate to continue.

Yes. Sorry for my englisch than. This is what i meant.

Sorry but i am still confused what the string should be

Apparently the intent is to log a message if during the update process the CSRF token validation fails and you are required to reauthenticate. The log message is based on the success/fail of that authentication step.

What that means the message should say, I'm still not entirely sure on.

What that means the message should say, I'm still not entirely sure on.

What about the seccond option and just remove it (log + string) if there is no reason to log such event?

That works too

see: #14576

closing as we have decided not to have a message

Thanks @brianteeman