potiuk commented on PR #61: URL: https://github.com/apache/tapestry-5/pull/61#issuecomment-4812873494
Thanks @benweidig — much appreciated, and good that the review surfaced the IPv6 LocalhostOnly bug and the HMAC hardening items on your side. Agreed: any HMAC bypass should be treated as a finding, and CSRF being app-responsibility / the path-normalization details are noted. Nothing blocking from our side — merge whenever you're ready and we'll verify discoverability and queue Tapestry. Thanks for the thorough read. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
