Open Bug 1454758 Opened 6 years ago Updated 6 years ago

Replace Email::Address with Email::Address::XS

Categories

(bugzilla.mozilla.org :: Email Notifications, task)

Production
task
Not set
normal

Tracking

()

People

(Reporter: dylan, Unassigned)

References

Details

No description provided.
Version: Development → Production
I don't believe this can effect us right now, but we should do as they advise, and also switch to Email::Sender (which is already done in upstream)
16:18 <genio> I can see bumping the Email::Address prereq to 1.908 instead so that the default behavior is less likely to cause issue 16:20 <genio> The current prereq in Email::Send is 1.80. So, that simple "fix" plus deprecation sounds like a sane plan for Email::Send. 16:20 <dylan> why does https://github.com/Perl-Email-Project/Email-Send/issues/6 say "even in the current release"? 16:21 <@alh> Probably because Email::Address says 16:21 <@alh> ACHTUNG! This module has a vulnerability (CVE-2015-7686) which allows remote attackers to cause denial of service 16:21 <@alh> Which is misleading if the new defaults really prevent it 16:21 <@mst> dylan: because you can still turn the vulnerability back on, I think.
Group: webtools-security
Type: enhancement → task
You need to log in before you can comment on or make changes to this bug.