Use HTTPS, not HTTP, in install scripts
2d7abfd9fa9a
Actions

Authored by epriestley <git@epriestley.com> on Nov 29 2016, 14:25.

Description

Use HTTPS, not HTTP, in install scripts

Summary:
Via HackerOne. A researcher correctly reports that our install scripts use HTTP, not HTTPS, to fetch resources and execute them as root, which is a potentially significant vulnerability.

Instead, use HTTPS.

Test Plan: Verified that these URIs function correctly over HTTPS.

Reviewers: chad

Reviewed By: chad

Differential Revision: https://secure.phabricator.com/D16958

Details

Committed

epriestley <git@epriestley.com>

Nov 29 2016, 21:11

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPHd1838fa5ec5e: Close lightbox when clicking on image-frame

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH2d7abfd9fa9a: Use HTTPS, not HTTP, in install scripts (authored by epriestley <git@epriestley.com>).Nov 29 2016, 21:11

Changes (1)

				Path
	M			scripts/install/install_rhel-derivs.sh

rPH2d7abfd9fa9a

View Options

scripts/install/install_rhel-derivs.sh