[sakai2-tcc] Plan for CLE 2.9.3
Neal Caidin
neal.caidin at apereo.org
Wed Jun 26 05:50:03 PDT 2013
It looks like Lazy Consensus has prevailed. Please see the 2.9.3 plan below.
Our biggest challenge right now is getting Lessons tested. This came up
unexpectedly due to the Gradebook API issue and the JW Player licensing
issue. If you can figure out ways to contribute to the testing effort
please let me know asap. So far it is just two of us testing.
Thanks,
Neal
On Thu, Jun 20, 2013 at 1:37 PM, Aaron Zeckoski <azeckoski at unicon.net>wrote:
> Also, for the record, the difference between high and low today is
> that high restricts embeds and objects to a known set of safe hosts
> whereas low allows any host (dangerous or otherwise). OWASP recommends
> and defaults to NOT allowing embeds from sites outside the safe list
> as it is an attack vector.
>
> That high/low difference might change in the future but that is what
> it will be for 2.9.x anyway.
> -AZ
>
>
> On Thu, Jun 20, 2013 at 1:31 PM, Seth Theriault <slt at columbia.edu> wrote:
> > On Thu, Jun 20, 2013 at 1:11 PM, Neal Caidin
> > <nealcaidin at sakaifoundation.org> wrote:
> >
> >> Scope - Antisamy on by default, High setting. Some additional fixes and
> >> translations.
> >
> > For the record, there are no reported installations running with
> > "High" as the default setting. Longsight has indicated that their
> > clients are running with the "Low" setting.
> >
> > Seth
> > _______________________________________________
> > sakai2-tcc mailing list
> > sakai2-tcc at collab.sakaiproject.org
> > http://collab.sakaiproject.org/mailman/listinfo/sakai2-tcc
>
>
>
> --
> Aaron Zeckoski - Software Architect - http://tinyurl.com/azprofile
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://collab.sakaiproject.org/pipermail/sakai2-tcc/attachments/20130626/17a48748/attachment.html
More information about the sakai2-tcc
mailing list