[Pkg-mailman-hackers] [Mailman-cabal] Potential security flaw in Postorius

Pierre-Elliott Bécue becue at crans.org
Wed Dec 27 09:02:56 UTC 2017


On Wednesday 27 December 2017 at 00:05:09-0800, Abhilash wrote:
> On Tue, 2017-12-26 at 11:37 -0500, Barry Warsaw wrote:
> > On Dec 25, 2017, at 16:44, Abhilash Raj <raj.abhilash1 at gmail.com> wrote:
> > 
> > > Currently, there are no use cases of a user's password in Core.
> > 
> > This is correct.  User passwords in Core are a vestige of an earlier
> > time.  They weren’t completely removed from the model because there are some
> > potential use cases we were keeping the door open for, and because it would
> > require a database migration.  So unless some third party code were using them
> > through the REST API or as an add-on rule/handler (unlikely - and we know
> > HyperKitty and Postorius don’t use this field), then I think the effective
> > security problems are nonexistent.
> 
> Thanks Barry!
> 
> So, I am going to tag and release Postorius 1.1.2 sometime tomorrow (27th Dec)
> and also push the changes to Gitlab.
> 
> How does that sound to everyone?

That sounds perfect. Thanks for your great work!

Cheers,

-- 
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528  F493 0D44 2664 1949 74E2