mirror of
https://github.com/warmcat/libwebsockets.git
synced 2025-03-30 00:00:16 +01:00
![]() Up until now if you wanted to drop privs, a numeric uid and gid had to be given in info to control post-init permissions... this adds info.username and info.groupname where you can do the same using user and group names. The internal plat helper lws_plat_drop_app_privileges() is updated to directly use context instead of info both ways it can be called, and to be able to return fatal errors. All failures to lookup non-0 or -1 uid or gid names from uid, or to look up uid or gid from username or groupnames given, get an err message and fatal exit. |
||
---|---|---|
.. | ||
mainpage.md | ||
README.build.md | ||
README.ci.md | ||
README.coding.md | ||
README.content-security-policy.md | ||
README.contributing.md | ||
README.crypto-apis.md | ||
README.esp32.md | ||
README.generic-sessions.md | ||
README.generic-table.md | ||
README.http-fallback.md | ||
README.lwsws.md | ||
README.plugin-acme.md | ||
README.plugin-sshd-base.md | ||
README.problems.md | ||
README.release-policy.md | ||
README.test-apps.md | ||
README.unix-domain-reverse-proxy.md | ||
README.vulnerability-reporting.md | ||
release-checklist |
Vulnerability Reporting
If you become aware of an issue with lws that has a security
dimension for users, please contact andy@warmcat.com
by
direct email.
Procedure for announcing vulnerability fixes
The problem and fixed versions will be announced on the libwebsockets mailing list and a note added to the master README.md.