Bug #28458

remove gravatar from img_src secure header

Added by Tomer Brisker 6 months ago. Updated 6 months ago.

Status: Closed
Priority: Normal
Assignee:
Category: Security
Target version: -
Difficulty:
Triaged: No
Bugzilla link:
Fixed in Releases:
Found in Releases:

Description

Gravatar support was removed in #21748, so we don't need to allow images from it.


Related issues

Related to Foreman - Feature #21748: Replace crypto- and hash-functions unapproved by FIPS with FIPS-approved ones (Closed, 2017-11-23)

Associated revisions

Revision 2ffc41ac (diff)
Added by Tomer Brisker 6 months ago

Fixes #28458 - Don't allow images from gravatar

In the past users could have images from gravatar. This was removed
almost two years ago due to FIPS hardening, but the secure headers
weren't updated.

History

#1 Updated by Tomer Brisker 6 months ago

  • Related to Feature #21748: Replace crypto- and hash-functions unapproved by FIPS with FIPS-approved ones added

#2 Updated by The Foreman Bot 6 months ago

  • Assignee set to Tomer Brisker
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/7235 added

#3 Updated by The Foreman Bot 6 months ago

  • Fixed in Releases 2.0.0 added

#4 Updated by Tomer Brisker 6 months ago

  • Status changed from Ready For Testing to Closed
