by geggo98 2791 days ago
There is no blame on you. There is no way you can provide a configuration that will be secure on every server.

My recommendation: add a big warning message that there is at least one known security hole and many unknown ones in the server code and it is up to the user to secure their server properly.

Then fix the demo code but leave the warning there.

It's always up to the developers to check the system they build for security problems. They could use the best frameworks in the world and copy thoroughly reviewed example code. The end result might still have huge security problems.


Thanks!

I already got a helpful pull request for the main README.md that I've updated by now with:

- Security-related releases on top of the main page: https://github.com/blueimp/jQuery-File-Upload#%EF%B8%8F-secu...

- Security guidelines linked in various places on how to securely set up file uploads: https://github.com/blueimp/jQuery-File-Upload/blob/master/SE...

- A list of the fixed vulnerabilities with instructions on how to fix it for the recent critical one: https://github.com/blueimp/jQuery-File-Upload/blob/master/VU...

The demo code was fixed as soon as I could confirm the report from Larry Cashdollar.