On 2022-04-27 Jeremy Harris via Exim-dev <[email protected]> wrote:
> On 26/04/2022 08:28, Andrew C Aitchison via Exim-dev wrote:
>>> • Jeremy Harris via Exim-announce [2022-04-23 20:23]:
>>>> Notable removals since 4.95:
>>>> - the "allow_insecure_tainted_data" main config option and the
>>>> "taint" log_selector. These were previously deprecated.
>> That isn't a good combination. Please could we keep the option to
>> allow_insecure_tainted_data if there are new taint features ?
>> That way we can continue to run live systems while we resolve
>> these sort of problems.
> The trouble with that is that it means the coverage of tracking
> tainted data use can never be extended.
[...]

Hello,

I think it could be less problematic if configurations that already
triggered an error in 4.95 (and needed allow_insecure_tainted_data to
work) stopped working with 4.96 even if allow_insecure_tainted_data was
set. However users need/want something equivalent to test upgrades to
4.96 for problems with the new taint checks (requirement for quoting in
query-style lookups and taint-check exec arguments for
transport-initiated external processes).

People upgrading directly from < 4.93 to 4.96 would still have to deal
with hard breakage on upgrades, but requiring a two step upgrade might
be considered a fair compromise.

cu Andreas
-- 
`What a good friend you are to him, Dr. Maturin. His other friends are
so grateful to you.'
`I sew his ears on from time to time, sure'
