lionheart

Send private message

You must be logged in to send a private message.

Friends

No friends yet.

Group membership

Activity

  • lionheart added a new discussion topic Elgg Community Major Security Flaw in the group Feedback and Planning
    Why is https://community.elgg.org using a self-signed certificate? This opens all accounts to a "man in the middle attack." Cloudflare and Letsencrypt issues free, unlimited certificates signed by legitimate Certificate Authorities. Even...
    • Report all security issues to security@elgg.org. Thankfully this is not one.

    • @lionheart, where online do you see a link to community.elgg.org? We need to change them.

    • @Steve I think there are still a lot of links with "community" subdomain in old discussions, replies and on plugin pages. I don't know if it's possible to update them all without spending much time on it. There's even still an open issue about this (https://github.com/Elgg/Elgg/issues/9818).

      If I'm not mistaken the cause of the problem with the "community"subdomain is simply that it's not considered in the Let's encrypt certificate config (the "learn" subdomain seem to be and there's no issue with learn.elgg.org). I think I already suggested to fix the problem by considering the "community" subdomain in the certicate handling/config (maybe to Juho back then). But it seems to have been forgotten all the time...