On 07/01/2020 20:20, Michael Haardt via Exim-users wrote: > I did > not really follow the list recently, so I missed the introduction of > "tainted" expansions,
To follow up on that point: ChangeLog, 4.93 :- JH/32 Introduce a general tainting mechanism for values read from the input channel, and values derived from them. Refuse to expand any tainted values, to catch one form of exploit. -- Cheers, Jeremy -- ## List details at https://lists.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
