
Bug#1069574: age-old and insecure webkit package



Hi again Hadmut,

On Sun, Apr 21, 2024 at 08:25:23PM +0300, Hadmut Danisch wrote:
> Hi Dmitry,
>
>
> even their own website
>
> https://wkhtmltopdf.org/status.html
>
> says:
>
>    *Do not use wkhtmltopdf with any untrusted HTML* – be sure to
>    sanitize any user-supplied HTML/JS, otherwise it can lead to
>    complete takeover of the server it is running on! Please consider
>    using a Mandatory Access Control system like AppArmor or SELinux,
>    see recommended AppArmor policy <https://wkhtmltopdf.org/apparmor.html>.
>
> Wouldn't it be more than enough or a reason to throw this out of
> debian/ubuntu, until they fixed this?

First, I am the wrong person to ask about this. I am CCing the wkhtmltopdf
maintainer.

Second, wkhtmltopdf is not a leaf package, there are other packages depending
on it:

  Reverse-Recommends
  ==================
  * civicrm-common
  * python3-a38

  Reverse-Depends
  ===============
  * odoo-16
  * python3-django-wkhtmltopdf
  * python3-pdfkit

--
Dmitry Shachnev
