https://bugzilla.wikimedia.org/show_bug.cgi?id=66238
Chris Steipp <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |[email protected] --- Comment #1 from Chris Steipp <[email protected]> --- handlebars.js says it's v2.0.0-alpha.2, instead of the stable 1.3.0. Who is going to be responsible for keeping it updated for security fixes? Mitre doesn't issue CVE's for alpha/beta builds, so security fixes won't be advertised in the usual places. Just in case, can you add an .htaccess file in scripts, so those can't be accessed through apache? Otherwise, I think security looks fine. Adding Timo just in case he has opinions on how ResourceLoader is being used. -- You are receiving this mail because: You are on the CC list for the bug. _______________________________________________ Wikibugs-l mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
