[exim-dev] [Bug 3069] Protect MUAs against attacks on BIMI

Góra strony
Delete this message
Reply to this message
Autor: Exim Bugzilla
Data:  
Dla: exim-dev
Stare tematy: [exim-dev] [Bug 3069] New: Protect MUAs against attacks on BIMI
Temat: [exim-dev] [Bug 3069] Protect MUAs against attacks on BIMI
https://bugs.exim.org/show_bug.cgi?id=3069

Andrew Aitchison <exim@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #1462|0                           |1
        is obsolete|                            |
   Attachment #1463|0                           |1
        is obsolete|                            |


--- Comment #6 from Andrew Aitchison <exim@???> ---
Created attachment 1479
--> https://bugs.exim.org/attachment.cgi?id=1479&action=edit
Simpler patch

I know that BIMI is controversial, but it is in use by some of the big players.
The draft RFC says that
allowing one or more existing headers through to a MUA is a security risk

This new patch only changes one file (src/src/configure.default) and only adds
comments, so only admins who want it will get it. At the same time, should
there
become a greater need, we would only have to tell people to uncomment an
existing line of the config.

I would like to see this in 4.98.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/