Security improvements
Bug #2076665 reported by
Skia
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Errors |
Confirmed
|
High
|
Unassigned |
Bug Description
This bug is a follow up of bug 2046565.
Original description, excluding the XSS part that has been fixed:
This deployment of the error tracker also lacks security headers such as CSP, and imports Yahoo APIs via plain HTTP.
(Also, TLSv1.0 and v1.1 and many of the currently supported TLSv1.2 cipher suites ought to be disabled on any production sites nowadays.)
Changed in errors: | |
status: | New → Confirmed |
importance: | Undecided → High |
To post a comment you must log in.