Thank you for the feedback. It looks like a quite invasive change to do.
I think it should be an optional (not even enabled by default?) protection
mechanism, especially if it is using the referrer field since it may be
removed by proxies and is an optional field.
I agree that we should wait for up
Hi Ola,
> So I think we should probably mark lua-cgi as unsupported instead of
> fixing the vulnerabilities.
I'd be happy with this. On the popcon figure, I am sure we can agree
to skip over a discussion on the general limitations of popcon data,
but in this particular instance I don't feel like
Hi Chris
Good point about the popcon data.
// Ola
On Tue, 25 Feb 2020 at 17:21, Chris Lamb wrote:
> Hi Ola,
>
> > So I think we should probably mark lua-cgi as unsupported instead of
> > fixing the vulnerabilities.
>
> I'd be happy with this. On the popcon figure, I am sure we can agree
> to s
