TB 52+ leaks installed dictionary
TB 52 introduced a new header Content-Language with no option to turn it off.
Official changelog says about that:Dictionary setting is restored when editing a draft. Content-Language header (RFC 3282) transmitted with message.
Mentioned RFC warns us (Paragraph 4, Security considerations) that incorrect implementation would lead to a privacy leak, which truly happens. For example, you could forge name, timezone and IP to pretend to be a citizen of Iceland, but Content-Language header would leak Content-Language: ru-English, meaning the author rather comes from Eastern Europe.
What shall we do about that?
Trac:
Username: Fleming
To upload designs, you'll need to enable LFS and have admin enable hashed storage. More information