ImageMagick potentially vulnerable due to omission of hardening configuration #743
Comments
|
Thank you very much for this! Strange that it appears in the system checks in Nextcloud if not installed though... |
|
Thanks! This is now fixed. I appreciate the heads up! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Greetings,
When we, the people around nextcloud/nextcloud-snap, were discussing a pull request regarding integration of the imagemagick plugin into the snap, we evaluated upstream documentation and also your implementation, a really useful reference when working on the snap, at least for me personally.
Here is the pull request.
We eventually decided against including
php-imagickbecause a lot of further configuration would have needed to be done, as upstream deems the defaults insecure for public-facing installations.Please have a look at the comments on the pull request mentioned and the links provided there.
I believe the current integration of
php-imagickhere is having the same problems that are outlined in the referenced pull request.Ciao
The text was updated successfully, but these errors were encountered: