On Monday, October 9, 2023 at 6:26:13 AM UTC-5 Edward K. Ream wrote:

> I have just changed [the title of issue #3598
> <https://github.com/leo-editor/leo-editor/issues/3598>] to "Retire all eval
> commands".

mod_http.py contained a stealth setting, *@bool http-allow-remote-exec*, 
that enabled the *ExecHandler* in mod_http.py. This class evaluated 
incoming requests using the *EvalController* class in mod_scripting.py! The 
default for this setting was None/False, which probably mitigated the 
security concern.

A recent rev deleted the ExecHandler class from mod_http.py, so the 
security concern will soon be moot. Except for legacy versions of Leo, that 
is!

Edward
