JulienTant
commented
6 months ago @lindy65 I'm not quite sure how to test the security part of this - for the functional side we just want to make sure that messages are synced as before.
Closed JulienTant closed 5 months ago
JulienTant
commented
6 months ago @lindy65 I'm not quite sure how to test the security part of this - for the functional side we just want to make sure that messages are synced as before.
JulienTant
commented
5 months ago @lindy65 deferring this to get it in
Summary
Use
ConstantTimeCompareinstead of!=to reduce the risk of timing attacks on the webhook secretTicket Link
https://mattermost.atlassian.net/browse/MM-57072