librariesio / libraries.io

:books: The Open Source Discovery Service
https://libraries.io
GNU Affero General Public License v3.0

chore: Update omniauth #3203

Closed macowie closed 11 months ago

macowie commented 11 months ago

We had been on an old version of Omniauth with some outstanding alerts, along with some aged plugins. This updates everything to latest, and switches to a different stale bitbucket integration, but one that actually uses oauth2 now.

This does introduce a new (silenced) warning about allowing oauth requests by GET, and this is in fact insecure. But it's also something the app has been doing the whole time. So, while it's something to resolve, it shouldn't block other fixes.

macowie commented 11 months ago

Filed a follow-up story to update this insecure setting, it's a little involved and I'd rather at least get the patches out for now
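As an added example (not code from the libraries.io project or from this PR), a small plain-Ruby model of the OmniAuth request-phase gate the comments refer to, showing the permissive setting the silenced warning describes (GET allowed) beside the hardened one (POST only, CSRF-checked). The real setting is `OmniAuth.config.allowed_request_methods = [:post]` (with `silence_get_warning` being the switch that hides the warning); the `RequestPhaseGuard` class, the sample requests and the token value are constructed for illustration and the gem is not loaded so the file runs offline.

```ruby
# Minimal stand-in for OmniAuth's request-phase gate (constructed example).
class RequestPhaseGuard
  AUTH_PATH = %r{\A/auth/(?<provider>[a-z0-9_]+)\z}

  # allowed_methods mirrors OmniAuth.config.allowed_request_methods;
  # csrf_token stands in for the per-session authenticity token that
  # omniauth-rails_csrf_protection verifies on the POST (nil = no check).
  def initialize(allowed_methods:, csrf_token: nil)
    @allowed = allowed_methods.map { |m| m.to_s.upcase }
    @csrf_token = csrf_token
  end

  # env is a constructed Rack-like hash; returns [status, reason].
  def call(env)
    match = AUTH_PATH.match(env.fetch('PATH_INFO'))
    return [404, 'not an auth request'] unless match

    method = env.fetch('REQUEST_METHOD').upcase
    unless @allowed.include?(method)
      return [405, "#{method} not allowed for request phase"]
    end

    if @csrf_token && env.dig('params', 'authenticity_token') != @csrf_token
      return [403, 'missing or invalid authenticity token']
    end

    [302, "redirect to #{match[:provider]} authorize endpoint"]
  end
end

# Constructed sample requests: a bare GET, which a browser also sends for a
# link or image embedded on any other site, and a form POST with the token.
CROSS_SITE_GET  = { 'REQUEST_METHOD' => 'GET', 'PATH_INFO' => '/auth/github', 'params' => {} }
LOGIN_FORM_POST = { 'REQUEST_METHOD' => 'POST', 'PATH_INFO' => '/auth/github',
                    'params' => { 'authenticity_token' => 'tok123' } }

# Permissive: what silencing the GET warning leaves in place.
LEGACY_GUARD   = RequestPhaseGuard.new(allowed_methods: %i[get post])
# Hardened: POST only, and the POST must carry the session's CSRF token.
HARDENED_GUARD = RequestPhaseGuard.new(allowed_methods: %i[post], csrf_token: 'tok123')

def compare_guards
  {
    legacy_get:    LEGACY_GUARD.call(CROSS_SITE_GET).first,    # 302: login CSRF possible
    hardened_get:  HARDENED_GUARD.call(CROSS_SITE_GET).first,  # 405: rejected
    hardened_post: HARDENED_GUARD.call(LOGIN_FORM_POST).first  # 302: legitimate login
  }
end
```

The 302 on `legacy_get` is the behaviour the warning is about: a cross-site GET starts the OAuth flow for the victim's browser, which is why the follow-up moves the app to POST-only.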