[Stripe] CSRF token validation system is disabled ($2500 USD)

We discussed this vulnerability during Episode 133 on 04 April 2022

The title says it all: CSRF protection was disabled for a period of time on Stripe’s Dashboard. Because the most sensitive actions required re-entering the user’s password or solving a captcha, the damage was limited, but you could still change various account settings. It’s a bit of a crazy vulnerability to have introduced, just straight up disabling CSRF checking.