On Tue, Jul 19, 2016 at 5:10 PM, Perry E. Metzger <[email protected]> wrote: > https://httpoxy.org/ seems to impact any python program (among many > others) that runs under cgi. Does it cause trouble for mailman? What > is a reasonable mitigation?
If I understand the issue correctly (and admittedly It's kinda a new issue) this only affects proxied HTTP transactions, not HTTPS ones. Most mailman installations should be running HTTPS in order to protect user data, if not now is a good time to do so. It's worth pointing out that if you are using nginx with mailman that this only affects you if you are using fastcgi. It does not seem to affect you if you are using nginx+uwsgi+mailman. -Jim P. ------------------------------------------------------ Mailman-Users mailing list [email protected] https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
