A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked into the HTTP server logs.
A security issue has been found in HyperKitty before version 1.3.5. The secret archiver key is passed as a GET query parameter and can therefore be leaked into the HTTP server logs.
https://gitlab.com/mailman/hyperkitty/-/blob/1.3.5/doc/news.rst#security https://gitlab.com/mailman/hyperkitty/-/issues/387 https://gitlab.com/mailman/hyperkitty/-/merge_requests/354 https://gitlab.com/mailman/hyperkitty/-/commit/b415d29d6cc59b3270c35b03ba3313dd03450271