Posted to notifications@james.apache.org by GitBox <gi...@apache.org> on 2021/08/11 09:19:25 UTC

[GitHub] [james-project] chibenwa opened a new pull request #589: JAMES-1862 Generalize STARTTLS sanitizing fix

chibenwa opened a new pull request #589:
URL: https://github.com/apache/james-project/pull/589


   All line-based protocols are subject to command injections in "man in the middle"
   attacks. We hereby generalize the SMTP fix.
   
   Note that we slightly modified the behaviour to bypass this sanitizing as soon as the users
   are authenticated: indeed, authentication happens for sure after STARTTLS upgrades.
   
   TODO: 
    - [ ] Write a test suite for POP3
    - [ ] Write a test suite for IMAP


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org
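
The check described in the pull request above, as an added example that is not part of the original thread and is not James code: plaintext bytes that follow a TLS upgrade command in the same read are never carried into the TLS session, and the check is skipped once the session is authenticated. The names StartTlsGuard, Verdict, inspect and isUpgradeCommand are hypothetical, and the guard assumes it is called once per plaintext socket read while the session is in command mode.

```java
import java.nio.charset.StandardCharsets;
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not James code.
public class StartTlsGuard {
    enum Verdict { PASS, UPGRADE_TLS, CLOSE_CONNECTION }

    // True for "STARTTLS" (SMTP), "<tag> STARTTLS" (IMAP) and "STLS" (POP3).
    // Deliberately loose: a false match only makes the guard stricter.
    static boolean isUpgradeCommand(String line) {
        String[] words = line.trim().toUpperCase(Locale.ROOT).split("\\s+");
        String verb = words[words.length - 1];
        return words.length <= 2 && (verb.equals("STARTTLS") || verb.equals("STLS"));
    }

    // chunk: everything one plaintext socket read returned.
    // Assumption: called only in command mode, not while receiving message data.
    static Verdict inspect(byte[] chunk, boolean authenticated) {
        if (authenticated) {
            return Verdict.PASS; // login happens after the upgrade, so TLS is already on
        }
        String data = new String(chunk, StandardCharsets.US_ASCII);
        int start = 0;
        int eol;
        while ((eol = data.indexOf("\r\n", start)) >= 0) {
            if (isUpgradeCommand(data.substring(start, eol))) {
                // Anything after this CRLF was sent in clear text before the handshake.
                return eol + 2 == data.length() ? Verdict.UPGRADE_TLS : Verdict.CLOSE_CONNECTION;
            }
            start = eol + 2;
        }
        return Verdict.PASS;
    }

    public static void main(String[] args) {
        // Constructed inputs: what a single socket read could return.
        String[] reads = {
            "STARTTLS\r\n",
            "STARTTLS\r\nRSET\r\n",
            "a1 STARTTLS\r\na2 NOOP\r\n",
            "STLS\r\nUSER bob\r\n",
            "NOOP\r\n"
        };
        for (String read : reads) {
            byte[] chunk = read.getBytes(StandardCharsets.US_ASCII);
            System.out.println(read.replace("\r\n", "\\r\\n") + " -> " + inspect(chunk, false));
        }
    }
}
```

A server applying this rule also has to treat bytes that arrive in a later read, but before the TLS handshake starts, the same way as bytes trailing the command in the same read.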


[GitHub] [james-project] chibenwa commented on pull request #589: JAMES-1862 Generalize STARTTLS sanitizing fix

Posted by GitBox <gi...@apache.org>.
chibenwa commented on pull request #589:
URL: https://github.com/apache/james-project/pull/589#issuecomment-907054834


   ```
   Test Result (2 failures / +2)
   
       org.apache.james.pop3server.POP3ServerTest$StartTlsSanitizing.connectionAreClosedWhenSTLSFollowedByText
       org.apache.james.pop3server.POP3ServerTest$StartTlsSanitizing.connectionAreClosedWhenSTLSFollowedByACommand
   ```
   
   Looks related. I will have a look.




[GitHub] [james-project] chibenwa commented on pull request #589: JAMES-1862 Generalize STARTTLS sanitizing fix

Posted by GitBox <gi...@apache.org>.
chibenwa commented on pull request #589:
URL: https://github.com/apache/james-project/pull/589#issuecomment-906868758


   Force pushed to solve conflict...




[GitHub] [james-project] chibenwa merged pull request #589: JAMES-1862 Generalize STARTTLS sanitizing fix

Posted by GitBox <gi...@apache.org>.
chibenwa merged pull request #589:
URL: https://github.com/apache/james-project/pull/589


   

