User Details
User Details
- User Since
- Apr 23 2016, 4:02 PM (447 w, 5 d)
- Availability
- Available
Apr 23 2016
Apr 23 2016
In T10832#171473, @epriestley wrote:Broadly, I lean toward this policy going forward:
- When we can perform an accurate test for the vulnerability in a reasonable amount of time/effort and tell you that you are definitely vulnerable (as with Shellshock), we will continue to do so with an active setup warning.
- When we can not perform such a test (as here), we will publish guidance and note the issue in the changelog, but will not attempt to guess if the installed version may be vulnerable because this test will frequently be confusing/misleading/wrong.
- We can re-evaluate this after T5055, which may give us a wider range of tools for providing more accurate vulnerability notifications.