[openstreetmap/openstreetmap-website] Upload profile picture with standard image formats (#3097)

Tom Hughes notifications at github.com
Tue Feb 16 08:41:10 UTC 2021

Do you have any evidence that this is creating a security hole? That we're somehow handling those files in a way that  is impacting security?

At the very least there are obvious extensions like BMP, TIFF and SVG missing, all of which I am pretty sure that people are using.

Better would be to ask the storage pipeline if it is able to handle the file as an image.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210216/e1186d4a/attachment.htm>

More information about the rails-dev mailing list