[Koha-bugs] [Bug 28200] Net::Netmask 1.9104-2 requires constructor change for backwards compatibility

bugzilla-daemon at bugs.koha-community.org
Thu May 6 08:24:07 CEST 2021


https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=28200

--- Comment #11 from David Cook <dcook at prosentient.com.au> ---
(In reply to Martin Renvoize from comment #10)
> I've not read enough of the background to understand why support was dropped
> for security reasons in the upstream library?  It feels like if they've
> disabled it by default for a reason we shouldn't just re-enable it without
> considering the possible security ramifications.  That said, I wouldn't be
> opposed to tying that constructor line to yet another system preference that
> defaults to enabled for upgrades and disabled for new installs..  That way
> we don't break anyone's setups but encourage the more secure form going
> forward?

Personally, I think their labelling it as a "security" change was overblown. My
understanding is that they dropped support for the abbreviated format because
it *might* be too easy to accidentally specify a more permissive range than one
intends. 

I can see how 10.10 is much less explicit than 10.10.0.0/16 but I don't really
see the problem.

But at this point in the discussion I am OK with Koha dropping support for the
abbreviated form.

I suppose the question is do we leave it as a breaking change or do we
automagically fix people's configuration? 

I don't mind manually fixing all my instances, but I also know this stuff
really well. 

It looks like HEA doesn't capture the relevant ILS-DI syspref
(https://hea.koha-community.org/systempreferences) so I don't know what people
have used...
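
An audit along the lines of the question above (find abbreviated entries and show the explicit range each one covers), as an added example that is not part of the original mail or of Koha's code. It assumes a comma- or whitespace-separated allow-list and that an abbreviated entry expands at 8 bits per supplied octet, consistent with the 10.10 and 10.10.0.0/16 pair in the comment; the sample value and the function names are constructed.

```python
import ipaddress
import re

# Constructed sample allow-list; the comma/whitespace separator is an assumption.
SAMPLE = "10.10, 192.168.1.5, 172.16.0.0/12, 192.168.5, 10.10/16, not-an-ip"

# One to three dotted octets, optionally followed by /prefix: the abbreviated form.
SHORT = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){0,2})(?:/(\d{1,2}))?$")

def normalise(entry):
    """Return (explicit CIDR string, was_abbreviated); raise ValueError if unparsable."""
    m = SHORT.match(entry)
    if not m:
        # Full dotted quad, with or without a mask: already explicit.
        return str(ipaddress.ip_network(entry, strict=True)), False
    octets = m.group(1).split(".")
    # Assumed expansion rule: 8 bits per octet supplied unless a prefix is given.
    prefix = int(m.group(2)) if m.group(2) else 8 * len(octets)
    base = ".".join(octets + ["0"] * (4 - len(octets)))
    return str(ipaddress.ip_network(f"{base}/{prefix}", strict=True)), True

def audit(value):
    """Return (raw, cidr, status, address_count) for every entry in value."""
    report = []
    for raw in filter(None, re.split(r"[,\s]+", value)):
        try:
            cidr, short = normalise(raw)
        except ValueError:
            report.append((raw, None, "invalid", 0))
            continue
        count = ipaddress.ip_network(cidr).num_addresses
        report.append((raw, cidr, "abbreviated" if short else "explicit", count))
    return report

if __name__ == "__main__":
    for raw, cidr, status, count in audit(SAMPLE):
        print(f"{raw:15} {status:12} {cidr or '-':18} {count} addresses")
```

The address count next to each abbreviated entry shows how wide the range really is, which is the information an administrator needs before rewriting it in explicit form.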
