- changed status to open
Critical security breach in Django Mail Queue
Issue #136
resolved
Stored attachments can be just downloaded from media_url which is critically insecure. Not only this, but attachments with same name can collide with each other.
I should either patch DMQ or integrate another solution for handling email messaging.
Comments (2)
-
reporter -
reporter - changed status to resolved
Done in https://github.com/dstegelman/django-mail-queue/pull/81
Can use
pip inststall git+https://github.com/Goury/django-mail-queue
for now
- Log in to comment