On Fri, 19 Aug 2022, Andrew C Aitchison via Exim-users wrote:
On Fri, 19 Aug 2022, Nick via Exim-users wrote:
Hello Exim users,
I've a problem with Sqlite lookups and tainting. I've composed a question
on Stack Exchange, since it's easier to access than this list (and I forgot
i was already subscribed here long ago!)
https://serverfault.com/questions/1108609/does-exim4s-sqlite-quote-expansion-de-taint-the-expanded-value
Quoting that here:
I'm upgrading an exim4 installation which has some custom filters,
to Debian 11. (Specifically, the filters are this
<https://github.com/wu-lee/exim-disposable-aliases>.)
Since that uses Exim 4.94, I've now run into the new-ish "tainted variables"
<https://www.exim.org/exim-html-current/doc/html/spec_html/ch-concept_index.html>
feature, which has broken my filter.
Exim 4.96 has more tainting features than 4.94.
If you have access to 4.96, I would test against the newest version.
--
Andrew C. Aitchison Kendal, UK
and...@aitchison.me.uk
--
## List details at https://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
