Mercurial > hg > nginx
view docs/dtd/changes.dtd @ 9287:32d4582c484d
Mail: fixed EXTERNAL to be accepted only if enabled.
As originally implemented in 6774:bcb107bb89cd, it wasn't possible to
disable the EXTERNAL authentication method: it was always accepted
(but not advertised unless enabled). It is, however, believed that
it is better to reject attempts to use the disabled method, hence in
6869:b2915d99ee8d an attempt was made to address this. This attempt
was insufficient though: it was still possible to use the method as long
as initial SASL response was used.
With this patch both challenge-response and initial response forms are
disabled. Additionally, initial response handling for the PLAIN
authentication is removed from ngx_mail_auth_parse(), for consistency
and to don't provoke such bugs.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Mon, 03 Jun 2024 18:03:05 +0300 |
parents | e79c7521aaf4 |
children |
line wrap: on
line source
<!ENTITY nbsp " " > <!ENTITY mdash " - " > <!ELEMENT change_log (section)* > <!ELEMENT section (changes)* > <!ATTLIST section title CDATA #REQUIRED > <!ELEMENT changes (change)* > <!ATTLIST changes ver CDATA #REQUIRED date CDATA #REQUIRED > <!ELEMENT change (para)* > <!ATTLIST change type (bugfix | feature | change | security | workaround) #IMPLIED > <!ELEMENT para (#PCDATA | at | br | nobr)* > <!ATTLIST para lang (ru | en) #REQUIRED > <!ELEMENT at EMPTY > <!ELEMENT br EMPTY > <!ELEMENT nobr (#PCDATA) >