[openstreetmap/openstreetmap-website] Upload profile picture with standard image formats (#3097)

Revathyne notifications at github.com
Tue Feb 16 08:59:19 UTC 2021


Currently, I don't have any evidence about creating a security hole, but hackers can add vulnerable files with any extensions. Yes extensions like BMP, TIFF, and SVG can also be added. 
I agree with you that without trying we cannot make sure how things will work. Hope you will find some fix for this. Thanks.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/openstreetmap/openstreetmap-website/pull/3097#issuecomment-779687617
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstreetmap.org/pipermail/rails-dev/attachments/20210216/dbdf715f/attachment.htm>


More information about the rails-dev mailing list