10 Mar
2022
10 Mar
'22
9:48 p.m.
On 3/10/22 12:49, Stanisław Findeisen via Mailman-users wrote:
Hello
I've just noticed that Postorius API is publicly accessible from the outside to an unauthenticated user, for example:
https://HOST/postorius/api/templates/list/LISTNAME.VHOST/list:member:regular...
Is this what is expected? Or a misconfiguration? How to fix this?
It is expected. That API only serves Postorius configured email templates. Do you think that is sensitive information?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan