I am just about to untake xbmc. I don't think it makes sense to continue. Upstream bug report: https://trac.kodi.tv/ticket/17314
This issue, and the lack of response to the upstream bug report, clearly makes me think upstream is not serious about security issues. As such I think this webserver (any version) should be restricted to trusted networks by trusted users.

The reasons I feel it is unwise to continue:

* Possibility of other security issues. Probably suffers CSRF vulnerabilities if nothing else (No, I haven't checked properly - except by "grep -i CRSF" in source).
* No fixes available for any version available.
* No response to upstream bug report - Was opened in February.
* Possibility that designing my own fix might break something or not fix it properly.
* I don't see any evidence of tests being run during builds that might pick up on breakage I might accidentally introduce.

--
Brian May <[email protected]>
