mirror of
https://github.com/zulip/zulip.git
synced 2025-11-10 17:07:07 +00:00
b064559652
This ensures that even if it were possible to create an MIT Kerberos account with a malicious username and/or hack webathena to pretend that's the case, one couldn't do anything malicious. This security improvement only impacts a single installation of Zulip where Zephyr mirroring is in use that has already had the fix applied, so there's no reason to do a security notice for it. Found by Graham Bleaney using pysa.
2.3 KiB
2.3 KiB