[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1069574: age-old and insecure webkit package



Hi Dmitry,


even their own website

https://wkhtmltopdf.org/status.html

says:

Do not use wkhtmltopdf with any untrusted HTML – be sure to sanitize any user-supplied HTML/JS, otherwise it can lead to complete takeover of the server it is running on! Please consider using a Mandatory Access Control system like AppArmor or SELinux, see recommended AppArmor policy.

Wouldn't it be more than enough or a reason to throw this out of debian/ubuntu, until they fixed this?


regards

Hadmut



Reply to: