Skip to content

GitLab

GitLab is used only for code review, issue tracking and project management. Canonical locations for source code are still https://gitweb.torproject.org/ https://git.torproject.org/ and git-rw.torproject.org.

Closed
Opened by Trac@tracbot

TB 52+ leaks installed dictionary

TB 52 introduced a new header Content-Language with no option to turn it off.

Official changelog says about that:Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message.

Mentioned RFC warns us (Paragraph 4, Security considerations) that incorrect implementation would lead to a privacy leak, which truly happens. For example, you could forge name, timezone and IP to pretend to be a citizen of Iceland, but Content-Language header would leak Content-Language: ru-English, meaning the author rather comes from Eastern Europe.

What shall we do about that?

Trac:
Username: Fleming

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information