Matt Taggart dijo [Mon, Sep 20, 2010 at 11:22:51AM -0700]:
> IMO it's a security bug, but downgrade if you disagree.
>
> Thanks,
I tend to disagree - And it is a characteristic I really appreciate
about Debian's packaging of Drupal: One of those great instances of
"Install. It just works." that d
> Matt,
> can you please explain why you think this bug is 'grave' and not just =
> 'important'?
>
> To me, grave definition is:
>
> makes the package in question unusable or mostly so, or causes data
> loss, or introduces a security hole allowing access to the accounts of
> users who use the pac
Matt,
can you please explain why you think this bug is 'grave' and not just
'important'?
To me, grave definition is:
makes the package in question unusable or mostly so, or causes data loss, or
introduces a security hole allowing access to the accounts of users who use the
package
and I canno
The original submitter of #565738 is correct, drupal shouldn't enable for
all sites on the server by default. It's not enough that "it won't show
anything under
a domain for which it hasn't been configured", it still allows access and
reveals things that shouldn't be by serving the "site off-lin
4 matches
Mail list logo