Fix validation logic in the base consumer
The base consumer is intended to only derive its validation switch from the on-disk configuration if the child class doesn't override the validate_signatures switch. There was a bug here where the default value provided in the base class made it appear as if *all* child consumers had turned *off* validation, which is incorrect. This fix turns on signature validation by default while preserving the ability of child consumers to override the on-disk configuration in special cases.

Fixes: CVE-2017-1000001
Reviewed-by: Patrick Uiterwijk <firstname.lastname@example.org>
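
An added illustration of the default-value bug the commit message describes, not code from this commit or its project. All class and function names and the config dictionaries are hypothetical; only the `validate_signatures` switch is named on the page.

```python
_UNSET = object()  # marks "child class did not override the switch"


class BuggyBaseConsumer:
    # A concrete default of False is indistinguishable from a child that
    # explicitly opted out, so the on-disk configuration is never consulted.
    validate_signatures = False

    def __init__(self, config):
        if self.validate_signatures is None:
            self.validate_signatures = config.get("validate_signatures", False)


class FixedBaseConsumer:
    # None is a sentinel meaning "no override": fall back to the on-disk
    # configuration, and validate when the configuration is silent too.
    validate_signatures = None

    def __init__(self, config):
        if self.validate_signatures is None:
            self.validate_signatures = config.get("validate_signatures", True)


def effective_setting(base, config, override=_UNSET):
    """Create a child consumer of `base`, optionally overriding the switch,
    and return the validation setting it ends up running with."""
    attrs = {} if override is _UNSET else {"validate_signatures": override}
    child = type("ChildConsumer", (base,), attrs)
    return child(config).validate_signatures


if __name__ == "__main__":
    on_disk = {"validate_signatures": True}  # constructed sample configuration
    cases = [
        ("buggy base, no override", BuggyBaseConsumer, on_disk, _UNSET),
        ("fixed base, no override", FixedBaseConsumer, on_disk, _UNSET),
        ("fixed base, empty config", FixedBaseConsumer, {}, _UNSET),
        ("fixed base, child opts out", FixedBaseConsumer, on_disk, False),
    ]
    for label, base, config, override in cases:
        print(f"{label}: validate={effective_setting(base, config, override)}")
```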