Use SafeCURL in external RSS block
Bug #1397736 reported by
Aaron Wells
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Won't Fix
|
High
|
Aaron Wells | ||
1.10 |
Won't Fix
|
High
|
Aaron Wells | ||
15.04 |
Won't Fix
|
High
|
Aaron Wells | ||
15.10 |
Won't Fix
|
High
|
Unassigned | ||
16.04 |
Won't Fix
|
High
|
Unassigned | ||
16.10 |
Won't Fix
|
High
|
Unassigned |
Bug Description
For better security in the external RSS feed block, we should be using a library like SafeCURL to help guard against attacks.: https:/
See also bug 1394820
CVE References
information type: | Public → Public Security |
tags: | added: externalfeed |
tags: | added: no-behat-needed |
no longer affects: | mahara/1.8 |
no longer affects: | mahara/1.9 |
Changed in mahara: | |
status: | In Progress → Won't Fix |
status: | Won't Fix → In Progress |
status: | In Progress → Won't Fix |
Changed in mahara: | |
milestone: | 16.04.1 → none |
To post a comment you must log in.
Patches:
https:/ /reviews. mahara. org/4030 /reviews. mahara. org/4031
https:/