Open
Bug 1454758
Opened 6 years ago
Updated 6 years ago
Replace Email::Address with Email::Address::XS
Categories
(bugzilla.mozilla.org :: Email Notifications, task)
Tracking
()
NEW
People
(Reporter: dylan, Unassigned)
References
Details
No description provided.
Reporter | ||
Updated•6 years ago
|
Version: Development → Production
Reporter | ||
Comment 1•6 years ago
|
||
I don't believe this can effect us right now, but we should do as they advise, and also switch to Email::Sender
(which is already done in upstream)
Reporter | ||
Comment 2•6 years ago
|
||
16:18 <genio> I can see bumping the Email::Address prereq to 1.908 instead so that the default behavior is less likely to cause issue
16:20 <genio> The current prereq in Email::Send is 1.80. So, that simple "fix" plus deprecation sounds like a sane plan for Email::Send.
16:20 <dylan> why does https://github.com/Perl-Email-Project/Email-Send/issues/6 say "even in the current release"?
16:21 <@alh> Probably because Email::Address says
16:21 <@alh> ACHTUNG! This module has a vulnerability (CVE-2015-7686) which allows remote attackers to cause denial of service
16:21 <@alh> Which is misleading if the new defaults really prevent it
16:21 <@mst> dylan: because you can still turn the vulnerability back on, I think.
Reporter | ||
Updated•6 years ago
|
Group: webtools-security
Updated•6 years ago
|
Type: enhancement → task
You need to log in
before you can comment on or make changes to this bug.
Description
•