This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
allow_device_name_lookup_over_federation config option may be leaky
#12750
Labels
T-Defect
Bugs, crashes, hangs, security vulnerabilities, or other reported issues.
Comments
squahtx
added
the
T-Defect
|
#14304 addressed another leak. To all: please open a new issue if a further leak is discovered. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
@aaronraimist has noted that the implementation of the
allow_device_name_lookup_over_federationconfig option may be leaky, as determined by manual testing.https://matrix.to/#/!XaqDhxuTIlvldquJaV:matrix.org/$NIF9Q6PAp0X1T6JES3BDVdoxWJa-0fSJdDaX3gJjrHE?via=matrix.org&via=praten.de&via=lingcube.com explains the testing done:
"I was testing was I had allow_device_name_lookup_over_federation: false on my server and then was logging in/out and changing my device names to cause device list updates. I then used Element logged in to accounts on matrix.org, mozilla.org, etc to check my device list and see if the new names were visible."
#9945 implements the option.
#10015 addresses one of the leaks.
The text was updated successfully, but these errors were encountered: