[feat] Remove senders X-Leap-* headers if the email came with them

We use the X-Leap-Signature and X-Leap-Encryption to signal the signature and encryption status of emails. An attacker could add this headers and trick bitmask to believe that the email was signed and/or encrypted. Now we remove this headers from the original email if they are present before adding ours. - Resolves: #7429
author: Ruben Pollan <meskio@sindominio.net> 2016-08-01 18:51:08 +0200
committer: Ruben Pollan <meskio@sindominio.net> 2016-08-01 19:08:56 +0200
commit: f39a5284ee208a8ba8194b4317b77114e38d73d9 (patch)
tree: 5e9ba5f1facc735873ebf7552686b2788a5f36aa /changes
parent: ee978045e6420377c908c4d4b4400dd3c18a2909 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/changes/next-changelog.rst b/changes/next-changelog.rst
index 21b1010..2731460 100644
--- a/changes/next-changelog.rst
+++ b/changes/next-changelog.rst
@@ -11,6 +11,7 @@ I've added a new category `Misc` so we can track doc/style/packaging stuff.
 Features
 ~~~~~~~~
 - `#8031 <https://leap.se/code/issues/8031>`_: Adapt to the new KeyManager API without key types.
+- `#7429 <https://leap.se/code/issues/7429>`_: Remove senders X-Leap-* headers if the email came with them.
 
 - `#1234 <https://leap.se/code/issues/1234>`_: Description of the new feature corresponding with issue #1234.
 - New feature without related issue number.
author	Ruben Pollan <meskio@sindominio.net>	2016-08-01 18:51:08 +0200
committer	Ruben Pollan <meskio@sindominio.net>	2016-08-01 19:08:56 +0200
commit	f39a5284ee208a8ba8194b4317b77114e38d73d9 (patch)
tree	5e9ba5f1facc735873ebf7552686b2788a5f36aa /changes
parent	ee978045e6420377c908c4d4b4400dd3c18a2909 (diff)