Changes between Initial Version and Version 1 of Ticket #2111


Ignore:
Timestamp:
Dec 6, 2017 12:59:45 PM (4 years ago)
Author:
Reportage
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #2111

    • Property Milestone changed from to undecided
  • Ticket #2111 – Description

    initial v1  
    11The Pebble blog plugin provides useful functionality and is an attractive proposition for new users wishing to deploy a blog on I2P without the overhead of maintaining a separate webserver and/or manual deployment of script.
    22
    3 However, the current Pebble plugin contains vulnerabilities and is flagged as unsuitable for deployment. The latest upstream version (2.6.6) appears to have addressed the issues present in earlier releases (<2.6.3), and therefore it's recommended that the I2P plugin is updated.
     3However, the current Pebble plugin contains vulnerabilities and is flagged as unsuitable for deployment. The latest upstream version (2.6.6) appears to have addressed the issues present in earlier releases (<2.6.4), and therefore it's recommended that the I2P plugin is updated.
    44
    55- https://github.com/pebbleblog/pebble
    66- https://www.cvedetails.com/cve/CVE-2012-5170/
     7- https://www.cvedetails.com/vulnerability-list/vendor_id-5209/product_id-8905/version_id-137287/Simon-Brown-Pebble-2.5.html
    78
    89On a related issue, plugins that are released that subsequently are found to have vulnerabilities would benefit from an author-initiated kill switch. All installed plugins would check at startup of I2P and periodically to ensure that they're not blacklisted by the author. In the event that a plugin has been blacklisted, either a notification to update the plugin or a notification that the plugin is no longer/not currently supported could be published to the sidebar.