Deprecate the use of the library without passing a certificate hash

jadolg / outline-vpn-api

A Python API wrapper for Outline VPN https://getoutline.org/

MIT License

123 stars 32 forks source link

Deprecate the use of the library without passing a certificate hash #30

Closed jadolg closed 8 months ago

jadolg commented 8 months ago

Using this wrapper without specifying the certificate fingerprint is insecure because that's the only way to verify that the server is the correct one. Before https://github.com/jadolg/outline-vpn-api/issues/10, we were not even doing any validation but that changed because of the security concerns. We decided not to remove it immediately and do a controlled full version bump when it made sense.

Stop allowing the usage of the library without certificate
Bump version to 5.0.0

sonarcloud[bot] commented 8 months ago

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud