Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Avoid MiTM by downloading through https #11188

Merged
merged 1 commit into from
Oct 31, 2020

Conversation

alromh87
Copy link
Contributor

⚙️ Description *

Resources where downloaded through insecure connection enabling an attacker to intercept communications and replacing with malicious data, downloaded files are intended for execution

💻 Technical Description *

Replace http url with https for downloading resources

🐛 Proof of Concept (PoC) *

Download is performed through insecure connection

🔥 Proof of Fix (PoF) *

After fix Secure conection is stablished for downloads

👍 User Acceptance Testing (UAT)

Resources can be downloaded normally

@CLAassistant
Copy link

CLAassistant commented Sep 26, 2020

CLA assistant check
All committers have signed the CLA.

@filipenevola filipenevola added this to the Release 1.12 milestone Oct 28, 2020
@filipenevola filipenevola changed the base branch from devel to release-1.12 October 31, 2020 15:57
@filipenevola filipenevola merged commit f4c1729 into meteor:release-1.12 Oct 31, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants