Le 14/12/2021 à 09:34, Jacques Le Roux a écrit :
I also wonder if we should not get rid of Apache XMLRPC knowing that it's no longer maintained: https://github.com/advisories/GHSA-6vwp-35w3-xph8
A milder mitigation would be to simply comment out the 2 tests that fail on BuildBot. That would allow to keep XMLRPC for those interested. Like people working in a safe (ie no internet) environment. We also know that only post-auth attacks are possible.
Opinions? Jacques
