en - [sympa-users] Is the fastcg warning still valid?

Subject: The mailing list for listmasters using Sympa

List archive

[sympa-users] Is the fastcg warning still valid?

From: Flemming Bjerke <address@concealed>
To: address@concealed
Subject: [sympa-users] Is the fastcg warning still valid?
Date: Mon, 12 Jun 2017 11:05:55 +0200

On sympa.org, there is a warning against using fastcgi in apache. Is this warning still valid?

SECURITY WARNINIG

mod_fastci was recently reported to have critical session management issues (at least when used with Sympa).

After logging in the Sympa web interface, users were attributed the identity of other previously logged in people. This could potentially lead to basic users being authenticated as listmaster.
Consequently we strongly discourage you from using mod_fastcgi until further notice.

https://www.sympa.org/manual/web-interface

Flemming

[sympa-users] Is the fastcg warning still valid?, Flemming Bjerke, 06/12/2017
- Re: [sympa-users] Is the fastcg warning still valid?, Adam Bernstein, 06/12/2017
  - Re: [sympa-users] Is the fastcg warning still valid?, Stefan Hornburg (Racke), 06/13/2017
    - Re: [sympa-users] Is the fastcg warning still valid?, Flemming Bjerke, 06/14/2017
      - Re: [sympa-users] Is the fastcg warning still valid?, Stefan Hornburg (Racke), 06/14/2017
        
        Re: [sympa-users] Is the fastcg warning still valid?, Peter Schober, 06/14/2017
        
        Re: [sympa-users] Is the fastcg warning still valid?, Stefan Hornburg (Racke), 06/14/2017
        
        Re: [sympa-users] Is the fastcg warning still valid?, Flemming Bjerke, 06/15/2017
        
        Re: [sympa-users] Is the fastcg warning still valid?, Stefan Hornburg (Racke), 06/15/2017

List archive

[sympa-users] Is the fastcg warning still valid?