[Owncloud] [Alpha] mod_security rules for ownCloud 5.0

Bernhard Posselt nukeawhale at gmail.com
Tue May 7 22:07:50 UTC 2013


On 05/07/2013 11:21 PM, Sebastian Kügler wrote:
> Hi ownClouders,
>
> On Monday, May 06, 2013 15:29:56 Lukas Reschke wrote:
>> I just released a custom mod_security ruleset for ownCloud 5.0. - I've
>> rewritten the whole set yesterday which means that it most probably still
>> has some bugs inside ;-)
> Let me state the obvious here: You _released_ a security critical feature
> which has not been thoroughly tested (or even reviewed critically?) and is
> less than 24 hours old.
>
> Looking at the amount of CVE numbers in ownCloud's changelogs and this email,
> this suggests a fundamental process problem.
>
> Having seen ownCloud being ridiculed for its amount of regressions and
> security problems more than once in the past two weeks alone makes me sad. I
> think the software and its underlying ideas have great potential, but the
> problems it's currently fighting will simply not go away if this way of
> putting code out into the open is the norm.
>
> Cheers,
I think you misunderstand the mod_security stuff. It's basically some
kind of firewall and an additional layer of security. Basically it has
nothing to do with the current ownCloud code.


