Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

透過部がないPNGをJPEGに変換する独自改造の変換後拡張子をjpegに変更 #460

Merged
merged 1 commit into from
Jul 6, 2023
Merged

透過部がないPNGをJPEGに変換する独自改造の変換後拡張子をjpegに変更 #460

merged 1 commit into from
Jul 6, 2023

Conversation

takayamaki
Copy link
Member

imagemagickに起因する脆弱性を防ぐためのimagemagickポリシーに違反していた
imagemagickのポリシーを変えるよりは変換後拡張子を変えたほうがリスクは低いと判断した

@takayamaki
Copy link
Member Author

takayamaki commented Jul 6, 2023
edited
Loading

CircleCIのテスト落ちてるけど手元でテスト通ってるのでマージ強行する
どうせ4.1系ではgithub actionsに移ってるし

@takayamaki
透過部がないPNGをJPEGに変換する独自改造の変換後拡張子をjpegに変更
7bb5e3c 
imagemagickに起因する脆弱性を防ぐためのimagemagickポリシーに違反していた
imagemagickのポリシーを変えるよりは変換後拡張子を変えたほうがリスクは低いと判断した
@takayamaki takayamaki merged commit 1f76d62 into imastodon-v4.0 Jul 6, 2023
1 check passed
@takayamaki takayamaki deleted the fix/png_convert branch July 6, 2023 16:59
@takayamaki
Copy link
Member Author

引っかかってたのはこれ

mastodon/config/imagemagick/policy.xml

Line 25 in 1f76d62

<policy domain="coder" rights="read | write" pattern="{PNG,JPEG,GIF,HEIC,WEBP}" />

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@takayamaki