potiuk commented on PR #61:
URL: https://github.com/apache/tapestry-5/pull/61#issuecomment-4812873494

   Thanks @benweidig — much appreciated, and good that the review surfaced the 
IPv6 LocalhostOnly bug and the HMAC hardening items on your side. Agreed: any 
HMAC bypass should be treated as a finding, and CSRF being app-responsibility / 
the path-normalization details are noted. Nothing blocking from our side — 
merge whenever you're ready and we'll verify discoverability and queue 
Tapestry. Thanks for the thorough read.
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to