[openstreetmap/openstreetmap-website] Upload profile picture with standard image formats (#3097)

Revathyne notifications at github.com
Tue Feb 16 08:59:19 UTC 2021

Currently, I don't have any evidence about creating a security hole, but hackers can add vulnerable files with any extensions. Yes extensions like BMP, TIFF, and SVG can also be added. 
I agree with you that without trying we cannot make sure how things will work. Hope you will find some fix for this. Thanks.

You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210216/dbdf715f/attachment.htm>

More information about the rails-dev mailing list