mahara-contributors team mailing list archive

Thread
Date

[Bug 1397736] Re: Use SafeCURL in external RSS block

To: mahara-contributors@xxxxxxxxxxxxxxxxxxx
From: Aaron Wells <1397736@xxxxxxxxxxxxxxxxxx>
Date: Mon, 13 Jun 2016 08:18:16 -0000
Reply-to: Bug 1397736 <1397736@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Hm, well, we haven't seen any updates from the SafeCurl project since
Hugh posted those initial bug reports. On the other hand, it would still
improve our security versus what we've currently got. It just has
potentially a few unpatched holes.

So I think it's probably worth going ahead with this one, unless we can
find a better equivalent library. If a better alternative arises in the
future, it should be fairly simple to swap this one out with that one,
since this one is designed as a "drop-in replacement" for the PHP
curl_exec function.

-- 
You received this bug notification because you are a member of Mahara
Contributors, which is subscribed to Mahara.
Matching subscriptions: Subscription for all Mahara Contributors -- please ask on #mahara-dev or mahara.org forum before editing or unsubscribing it!
https://bugs.launchpad.net/bugs/1397736

Title:
  Use SafeCURL in external RSS block

Status in Mahara:
  In Progress
Status in Mahara 1.10 series:
  Won't Fix
Status in Mahara 15.04 series:
  Confirmed
Status in Mahara 15.10 series:
  In Progress
Status in Mahara 16.04 series:
  In Progress
Status in Mahara 16.10 series:
  In Progress

Bug description:
  For better security in the external RSS feed block, we should be using
  a library like SafeCURL to help guard against attacks.:
  https://github.com/fin1te/safecurl

  See also bug 1394820

To manage notifications about this bug go to:
https://bugs.launchpad.net/mahara/+bug/1397736/+subscriptions

References

[Bug 1397736] [NEW] Use SafeCURL in external RSS block
From: Aaron Wells, 2014-11-30