https://bugs.exim.org/show_bug.cgi?id=3181
--- Comment #4 from Jeremy Harris <[email protected]> --- Yes. The entire string is expanded before being interpreted as a list and, as you note, the expansion of the $domain (which has tainted data) taints the whole result. What is new is the paniclog for interpreting tainted metadata within a list - the "@" in this case. See item 15 in the ChangeLog, and also the description of "@" in domain lists in the the main documentation. The ChangeLog item also notes the preferred expression you found. -- You are receiving this mail because: You are on the CC list for the bug. -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
