-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 5/1/20 04:49, Mark Thomas wrote: >> Reporter: mblehkos...@gmail.com > > Yet another "security researcher" that failed to notice that if you > try and upload an attachment with MIME type text/html our Bugzilla > instances will always render it as text/plain. > > I'd mind less if these folks actually checked if the attack worked > and then apologied for wasting our time when they found it didn't. > > I've disabled this idiot's account. > > I'll delete the issue shortly. Actually, I think you should leave the issue in BZ and we can encourage the community to laugh at them for claiming "victory" for a hack that didn't occur. Kinda like laughing at the small anatomy of people who "zoom bomb" meetings. - -chris -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl6sTl8ACgkQHPApP6U8 pFg0nBAAyWvD3GNP974gy9RY4ur6cXlxN9sEibJ3kXGgKsIAeDD4uMdCJMTGUMOR zh8lspJulxgdTRCacne/PUWqOL8LU2n0SLKw8VAMgH/nxeEFBd4g/zBJY4sj7918 RySlisHU6deMfvaRFMoaJu4/v2Xt9R4/GwDYFR2e4jUirqHNbIB7o+235XvNVLDe nPeKYoPcjimTvhHyVDPS0fbr2UdlauFjxYbHhz5qvbCQqC2fDpiCNPzulZme9C4v ZoBJPUiM3DFJG/10ix+cRPds/6RhLguWq+bYjUGZpnp4VnCt8cRDnVkr/MX8xM4g sFGtFuRhR0gMDWNwy6yw2uyueOSzjgjsJCrbAV9lm27rGEAaGwtKUTkhYxdQlx3r FE5gMPMlzhNqIiNNo75+1/MoqA0zPPmt3WZpGJRIKxuvGmO7bM/3pZ+6db0bgeUt BcLtxAKp0q3zd+uK3mkBiRccasb3As6q4iSruTYB1uHD+yIpflXbgZqUGQfHnYRT IZfjw6b5xtfAguu5EG1rihfTVsKkXiSNbFGkhacfBLWRsYYf3hXD3n6qrrvYRH5A 40hKN+4YLVGYtbU25ihpBMiAaewK81CzjyeOzMmKnXg5+GqC7/bA1bF6IxwJ75if W4FEleeO+m+FfeP6qDy8k3Dj7w6dEUxq6aCoNd8XTjd3BtuW3JY= =ocmV -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org
