Commit Graph

1 Commits (0b4981588e6e7e5c49219fa534482f789dc14dad)

Author SHA1 Message Date
Simon McVittie 9a275b2f18 doc: Document security issues involving LWP::UserAgent
Recommend the LWPx::ParanoidAgent module where appropriate.
It is particularly important for openid, since unauthenticated users
can control which URLs that plugin will contact. Conversely, it is
non-critical for blogspam, since the URL to be contacted is under
the wiki administrator's control.

Signed-off-by: Simon McVittie <smcv@debian.org>
2019-02-26 22:21:31 +00:00