Page MenuHomePhabricator

Use HTTPS, not HTTP, in install scripts
ClosedPublic

Authored by epriestley on Nov 29 2016, 1:29 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 26, 2:06 PM
Unknown Object (File)
Feb 22 2024, 10:32 PM
Unknown Object (File)
Feb 17 2024, 12:24 AM
Unknown Object (File)
Feb 10 2024, 4:50 PM
Unknown Object (File)
Feb 2 2024, 2:09 PM
Unknown Object (File)
Jan 20 2024, 4:03 PM
Unknown Object (File)
Dec 27 2023, 8:34 AM
Unknown Object (File)
Dec 27 2023, 8:34 AM
Subscribers
None

Details

Summary

Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan

Verified that these URIs function correctly over HTTPS.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley retitled this revision from to Use HTTPS, not HTTP, in install scripts.
epriestley updated this object.
epriestley edited the test plan for this revision. (Show Details)
epriestley added a reviewer: chad.
chad edited edge metadata.
This revision is now accepted and ready to land.Nov 29 2016, 2:37 PM
This revision was automatically updated to reflect the committed changes.