Change Details

Emails sent from noreply@tracker.pureos.net contain HTTP links to tracker.pureos.net, thus vulnerable to MITM attacks when clicked. Examples: 1. in notifications of tasks: TASK DETAIL http://tracker.pureos.net/T118 EMAIL PREFERENCES http://tracker.pureos.net/settings/panel/emailpreferences/ 2. in email verification link sent to new user that done registration. > Please verify that you own this email address (...........) by clicking this link: http://tracker.pureos.net/emailverify/xl............./ Fix: Change settings in tracker to use HTTPS links instead of HTTP, probably can acomplished by: 1. a restart by "phd restart" may fix it, in case it's happening due to caching? see at: https://secure.phabricator.com/T10848 [Notification mails containing old links after changing phabricator.base-uri] 2. The code path of first example use 'phabricator.production-uri' config to determinate the URI to use, so set it in configuration with https URI.

Emails sent from noreply@tracker.pureos.net contain HTTP links to tracker.pureos.net, thus vulnerable to MITM attacks when clicked. Examples: 1. in notifications of tasks: TASK DETAIL http://tracker.pureos.net/T118 EMAIL PREFERENCES http://tracker.pureos.net/settings/panel/emailpreferences/ 2. in email verification link sent to new user that done registration. > Please verify that you own this email address (...........) by clicking this link: http://tracker.pureos.net/emailverify/xl............./ Fix: Change settings in tracker to use HTTPS links instead of HTTP, probably can acomplished by: 1. a restart by "phd restart" may fix it, in case it's happening due to caching? see at: https://secure.phabricator.com/T10848 [Notification mails containing old links after changing phabricator.base-uri] 2. The code path of first example use 'phabricator.production-uri' config to determinate the URI to use, so set it in configuration with https URI, which can be done by command: ./bin/config set phabricator.production-uri HTTPSURIVALUE where HTTPSURIVALUE is result of ./bin/config get phabricator.base-uri

Emails sent from noreply@tracker.pureos.net contain HTTP links to tracker.pureos.net, thus vulnerable to MITM attacks when clicked. Examples: 1. in notifications of tasks: TASK DETAIL http://tracker.pureos.net/T118 EMAIL PREFERENCES http://tracker.pureos.net/settings/panel/emailpreferences/ 2. in email verification link sent to new user that done registration. > Please verify that you own this email address (...........) by clicking this link: http://tracker.pureos.net/emailverify/xl............./ Fix: Change settings in tracker to use HTTPS links instead of HTTP, probably can acomplished by: 1. a restart by "phd restart" may fix it, in case it's happening due to caching? see at: https://secure.phabricator.com/T10848 [Notification mails containing old links after changing phabricator.base-uri] 2. The code path of first example use 'phabricator.production-uri' config to determinate the URI to use, so set it in configuration with https URI.URI,/bin/config set phabricator.production-uri HTTPSURIVALUE where HTTPSURIVALUE is result of ./bin/config get phabricator.base-uri