- Issue created by @longwave
- 🇬🇧United Kingdom mcdruid 🇬🇧🇪🇺
Perhaps the module could also do a stable release and opt in to security coverage :)
Thanks for the very quick response @steven jones
- 🇬🇧United Kingdom steven jones
@mcdruid so in all honesty I've not opt-ed in because I suspect that there are these sorts of security issues kicking around in this (sub-)module, obviously lets fix this issue but I probably need to get a decent security review of this module done, and then opt-in, otherwise it's going to be lots of issues being managed in private I suspect, which is bad for getting them right / being able to use the drupal.org tools etc.
I wonder if there are subtle security risks like placing a script in a location that this module is going to try to call, but doing something weird when the webserver calls it. Hmm...I feel like the security boundary needs tightly definining etc. otherwise it's going to be a nightmare!