On Thursday 26 of May 2016, Elan Ruusamäe wrote: > On 26.05.2016 19:38, Arkadiusz Miśkiewicz wrote: > > On Thursday 26 of May 2016, glen wrote: > >> >commit b721b050c0cd63ad00f987bc3a6389ac2a7282e0 > >> >Author: Elan Ruusamäe<[email protected]> > >> >Date: Thu May 26 17:43:23 2016 +0300 > >> > > >> > policy.xml changes to mitigate imagetragick > >> > > >> > recommended config fromhttps://imagetragick.com/ > > > > Isn't that just disabling specified formats which makes little sense as > > this version is supposed to have these extensions fixed? > > as i see this, these are protocols or rarely used formats and making > default config secure (not allowing to load from network, etc). if > someone's system really needs them, they can modify local policy.xml to > enable these.
Ok (just commit message is misleading) -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) _______________________________________________ pld-devel-en mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
