Abandoning this one. SafeCURL doesn't work with IPv6, which means we'd
either have to arbitrarily require only RSS feeds at IPv4-addressed
sites, or allow all IPv6 addresses, in which case we're not adding any
security.
So with that downside, it's not worth the extra risk and upkeep of
adding it.
** Changed in: mahara/15.04
Status: Confirmed => Won't Fix
** Changed in: mahara/15.10
Status: In Progress => Won't Fix
** Changed in: mahara/16.04
Status: In Progress => Won't Fix
** Changed in: mahara/16.10
Status: In Progress => Won't Fix
--
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask
on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1397736
Title:
Use SafeCURL in external RSS block
Status in Mahara:
In Progress
Status in Mahara 1.10 series:
Won't Fix
Status in Mahara 15.04 series:
Won't Fix
Status in Mahara 15.10 series:
Won't Fix
Status in Mahara 16.04 series:
Won't Fix
Status in Mahara 16.10 series:
Won't Fix
Bug description:
For better security in the external RSS feed block, we should be using
a library like SafeCURL to help guard against attacks.:
https://github.com/fin1te/safecurl
See also bug 1394820
To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1397736/+subscriptions
_______________________________________________
Mailing list: https://launchpad.net/~mahara-contributors
Post to : [email protected]
Unsubscribe : https://launchpad.net/~mahara-contributors
More help : https://help.launchpad.net/ListHelp
