Difference between revisions of "XEP-Remarks/XEP-0313: Message Archive Management"
Jump to navigation
Jump to search
(Add Category) |
(→Client-side Processing: Add CVE-2020-26547 in Monal) |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
= | {{remarks}} | ||
= Client-side Processing = | |||
'''Forwarded messages MUST NOT be accepted from JIDs other than the user's bare account JID''', or else: | |||
* [https://gultsch.de/dino_multiple.html CVE-2019-16235+ Multiple Vulnerabilities found in Dino] | |||
* [https://op-co.de/tmp/CVE-2017-5589.html CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability] (similar, but not identical issue) | |||
* [https://monal.im/blog/cve-2020-26547/ CVE-2020-26547 Missing verification of origin of MAM results in Monal] | |||
= Missing "Give the the last N messages starting from the oldest" query = | |||
Latest revision as of 17:35, 31 January 2021
|
This is a page for information about XEP-Remarks/XEP-0313: Message Archive Management, including errata, comments, questions, and implementation experience. |
Client-side Processing
Forwarded messages MUST NOT be accepted from JIDs other than the user's bare account JID, or else:
- CVE-2019-16235+ Multiple Vulnerabilities found in Dino
- CVE-2017-5589+ Multiple XMPP Clients User Impersonation Vulnerability (similar, but not identical issue)
- CVE-2020-26547 Missing verification of origin of MAM results in Monal