Hm, well, we haven't seen any updates from the SafeCurl project since Hugh posted those initial bug reports. On the other hand, it would still improve our security versus what we've currently got. It just has potentially a few unpatched holes.
So I think it's probably worth going ahead with this one, unless we can find a better equivalent library. If a better alternative arises in the future, it should be fairly simple to swap this one out with that one, since this one is designed as a "drop-in replacement" for the PHP curl_exec function.

--
https://bugs.launchpad.net/bugs/1397736

Title:
  Use SafeCURL in external RSS block

Status in Mahara:
  In Progress
Status in Mahara 1.10 series:
  Won't Fix
Status in Mahara 15.04 series:
  Confirmed
Status in Mahara 15.10 series:
  In Progress
Status in Mahara 16.04 series:
  In Progress
Status in Mahara 16.10 series:
  In Progress

Bug description:
  For better security in the external RSS feed block, we should be using a library like SafeCURL to help guard against attacks: https://github.com/fin1te/safecurl

  See also bug 1394820

