On 2018/11/30 08:21, Florian Obser wrote: > /etc/burp/clientconfdir/testclient contains a well known password > (it's simmilar to the combination on my luggage). > > So on installation I remove that file. > An upgrade puts it back. That seems... unwise. > > The way I understand things anyone who can connect to the burp server > can request a cert with that password for CN testclient and then force > a backup run. > > Can we maybe not do that? > > Thanks, > Florian > > -- > I'm not entirely sure you are real. >
Fixed that, here's an updated tgz for 2.2 with the same changes applied.
burp22.tgz
Description: Binary data
