Mozilla's Phabricator fork addressed three vulnerabilities recently. We may want to merge some of their changes: https://github.com/mozilla-conduit/phabricator/commits/master/
1. Stored XSS via PDF files. https://github.com/mozilla-conduit/phabricator/commit/5ec132bf9ebfb90558f1b7f646772176629f86d0
Further reading about this kind of vulnerability: https://github.com/jonaslejon/malicious-pdf
2. "Possible XSS when downloading raw diffs from a revision" https://github.com/mozilla-conduit/phabricator/commit/d8bb7d91b7d219902afed1ae7a8ae5e33862a842
I haven't figured out how it works yet.
3. T15663 Profile transformation on private files makes it publicly accessible
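For item 1, here is an added example (not code from Phabricator, Phorge or the Mozilla fork) of the bug class and the server-side check a file-serving endpoint can apply. The `build_pdf` helper constructs the kind of sample the malicious-pdf repo catalogues: a one-page PDF whose catalog `/OpenAction` runs JavaScript when a scripting-capable viewer opens it. `file_response_headers` only models the defence: the `on_alternate_file_domain` flag is an assumption standing in for serving files from a dedicated origin (what `security.alternate-file-domain` is for), and the name scan is a cheap triage check, not a parser.

```python
import re
from typing import Optional

# Added example, not Phabricator/Phorge code. `on_alternate_file_domain` and the
# name-scan heuristic are assumptions made for the demo, not the fork's fix.


def _pdf_string(s: str) -> bytes:
    """Escape a Python string as the body of a PDF literal string."""
    return s.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)").encode("latin-1")


def build_pdf(js: Optional[str] = None) -> bytes:
    """Constructed single-page PDF (sample input for the demo). With `js` set, the
    catalog's /OpenAction points at a JavaScript action that runs on open."""
    catalog = b"<< /Type /Catalog /Pages 2 0 R"
    objs = [
        None,
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 200 200] >>",
    ]
    if js is not None:
        catalog += b" /OpenAction 4 0 R"
        objs.append(b"<< /Type /Action /S /JavaScript /JS (" + _pdf_string(js) + b") >>")
    objs[0] = catalog + b" >>"

    out = bytearray(b"%PDF-1.4\n")
    offsets = []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n" % (len(objs) + 1, xref_pos)
    return bytes(out)


# Names that introduce scripting or actions. This is a plain-text scan: it does not
# see names inside compressed object streams or hex-escaped names (/J#61vaScript),
# so a hit means "do not render inline"; a miss never means "safe".
ACTIVE_PDF_NAMES = re.compile(rb"/(JavaScript|JS|OpenAction|AA|Launch)\b")


def pdf_has_active_content(data: bytes) -> bool:
    return ACTIVE_PDF_NAMES.search(data) is not None


def file_response_headers(mime: str, filename: str, data: bytes,
                          on_alternate_file_domain: bool) -> dict:
    """Headers for serving a user-uploaded file.

    Inline rendering is allowed only when the response comes from a dedicated
    file origin (so anything executing in the document cannot reach the main
    application's cookies or DOM) and, for PDFs, the bytes show no active
    content. Everything else is forced to download; nosniff stops the browser
    from second-guessing the declared type."""
    render_inline = on_alternate_file_domain and not (
        mime == "application/pdf" and pdf_has_active_content(data)
    )
    safe_name = re.sub(r"[^\w.\-]", "_", filename) or "download"
    return {
        "Content-Type": mime,
        "X-Content-Type-Options": "nosniff",
        "Content-Disposition": "%s; filename=\"%s\"" % (
            "inline" if render_inline else "attachment", safe_name),
    }


if __name__ == "__main__":
    hostile = build_pdf("app.alert('stored XSS in the file viewer')")
    print(file_response_headers("application/pdf", "report.pdf", hostile, True))
```

The two controls are independent on purpose: the separate origin contains damage if the scan misses, and the scan keeps a scripted PDF from rendering inline even where an alternate domain is not configured.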
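For item 3, an added toy model (not Phorge's code, and not the real T15663 fix) of how a derived file leaks: a "profile transform" (thumbnail) of a private file is stored as a file of its own, and if that new record gets a default public policy and is checked on its own, anyone with the URL can fetch it. The policy strings and the `fixed` switch are assumptions made for the demo; the fix shown is to resolve the viewer check against the source file rather than the transform.

```python
import itertools
from dataclasses import dataclass
from typing import Dict, Optional

# Added example, not Phabricator/Phorge code. Toy policy model: "public" or
# "user:<name>". `fixed=False` reproduces the bug class, `fixed=True` the fix.

PUBLIC = "public"


@dataclass
class StoredFile:
    id: int
    data: bytes
    view_policy: str
    transform_of: Optional[int] = None   # set on derived files (thumbnails)


class FileStore:
    def __init__(self, fixed: bool):
        self.fixed = fixed
        self.files: Dict[int, StoredFile] = {}
        self._ids = itertools.count(1)

    def upload(self, data: bytes, view_policy: str) -> StoredFile:
        f = StoredFile(next(self._ids), data, view_policy)
        self.files[f.id] = f
        return f

    def profile_transform(self, file_id: int) -> StoredFile:
        src = self.files[file_id]
        thumb = src.data[:8]  # stand-in for real image resizing
        # Bug: the derived record is created with the store's default (public)
        # policy. Fix: copy the source policy at creation time.
        policy = src.view_policy if self.fixed else PUBLIC
        t = StoredFile(next(self._ids), thumb, policy, transform_of=src.id)
        self.files[t.id] = t
        return t

    def can_view(self, viewer: Optional[str], file_id: int) -> bool:
        f = self.files[file_id]
        if self.fixed and f.transform_of is not None:
            # Re-resolve against the source every time: copying the policy at
            # creation is not enough once the source is locked down later.
            return self.can_view(viewer, f.transform_of)
        return f.view_policy == PUBLIC or (
            viewer is not None and f.view_policy == "user:%s" % viewer)

    def fetch(self, viewer: Optional[str], file_id: int) -> bytes:
        if not self.can_view(viewer, file_id):
            raise PermissionError("viewer %r cannot view file %d" % (viewer, file_id))
        return self.files[file_id].data


if __name__ == "__main__":
    store = FileStore(fixed=False)
    private = store.upload(b"\x89PNG secret avatar bytes", "user:alice")
    thumb = store.profile_transform(private.id)
    print("anonymous sees thumbnail of private file:", store.can_view(None, thumb.id))
```

Note that the vulnerable store still denies anonymous access to the original file; only the transform leaks, which is why a test that covers uploads but not derived files would never catch it.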