by stefan_ 1692 days ago
The first step is always "don't do it at all". Here is the original commit:

https://gitlab.com/gitlab-org/gitlab-workhorse/-/commit/8656...

It's hard to find a linked detailed requirement for this. I would certainly prefer if GitLab didn't silently mangle uploaded images (not least if I'm working on an EXIF library..).

Bonus points for a commit that includes the words "perl" and "exec" not also having a detailed security review attached.