Don't trust update server - nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

diff options

author	Lukas Reschke <lukas@owncloud.com>	2015-11-28 12:19:58 +0100
committer	Lukas Reschke <lukas@owncloud.com>	2015-11-28 12:21:53 +0100
commit	f3e9106864421d902cb3751fdd0004f84b369938 (patch)
tree	4b95bf59fb688f4628e213fa16b4187ec74e4cec /issue_template.md
parent	d305412a357f31174abff757602b343c24cd91c1 (diff)
download	nextcloud-server-f3e9106864421d902cb3751fdd0004f84b369938.tar.gz nextcloud-server-f3e9106864421d902cb3751fdd0004f84b369938.zip

Don't trust update server

In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff. While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.

Diffstat (limited to 'issue_template.md')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: