On 26.05.2016 19:38, Arkadiusz Miśkiewicz wrote:
On Thursday 26 of May 2016, glen wrote:
>commit b721b050c0cd63ad00f987bc3a6389ac2a7282e0
>Author: Elan Ruusamäe<[email protected]>
>Date: Thu May 26 17:43:23 2016 +0300
>
> policy.xml changes to mitigate imagetragick
>
> recommended config fromhttps://imagetragick.com/
Isn't that just disabling specified formats which makes little sense as this
version is supposed to have these extensions fixed?
as i see this, these are protocols or rarely used formats and making
default config secure (not allowing to load from network, etc). if
someone's system really needs them, they can modify local policy.xml to
enable these.
--
glen
_______________________________________________
pld-devel-en mailing list
[email protected]
http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
