diff options
author | Ruben Pollan <meskio@sindominio.net> | 2016-08-01 18:51:08 +0200 |
---|---|---|
committer | Ruben Pollan <meskio@sindominio.net> | 2016-08-01 19:08:56 +0200 |
commit | f39a5284ee208a8ba8194b4317b77114e38d73d9 (patch) | |
tree | 5e9ba5f1facc735873ebf7552686b2788a5f36aa /changes | |
parent | ee978045e6420377c908c4d4b4400dd3c18a2909 (diff) |
[feat] Remove senders X-Leap-* headers if the email came with them
We use the X-Leap-Signature and X-Leap-Encryption to signal the
signature and encryption status of emails. An attacker could add this
headers and trick bitmask to believe that the email was signed and/or
encrypted. Now we remove this headers from the original email if they
are present before adding ours.
- Resolves: #7429
Diffstat (limited to 'changes')
-rw-r--r-- | changes/next-changelog.rst | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/changes/next-changelog.rst b/changes/next-changelog.rst index 21b1010..2731460 100644 --- a/changes/next-changelog.rst +++ b/changes/next-changelog.rst @@ -11,6 +11,7 @@ I've added a new category `Misc` so we can track doc/style/packaging stuff. Features ~~~~~~~~ - `#8031 <https://leap.se/code/issues/8031>`_: Adapt to the new KeyManager API without key types. +- `#7429 <https://leap.se/code/issues/7429>`_: Remove senders X-Leap-* headers if the email came with them. - `#1234 <https://leap.se/code/issues/1234>`_: Description of the new feature corresponding with issue #1234. - New feature without related issue number. |