Mercurial > p > roundup > code
view README.txt @ 5924:b40059d7036f
issue2550925 strip HTTP_PROXY environment variable
if deployed as CGI and client sends an http PROXY
header, the tainted HTTP_PROXY environment variable is created. It
can affect calls using requests package or curl. A roundup admin
would have to write detectors/extensions that use these mechanisms.
Not exploitable in default config.
See: https://httpoxy.org/
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 13 Oct 2019 17:45:06 -0400 |
| parents | bbfc87ecfdf1 |
| children | 49761be4a931 |
line wrap: on
line source
======================================================= Roundup: an Issue-Tracking System for Knowledge Workers ======================================================= INSTANT GRATIFICATION ===================== The impatient may try Roundup immediately by running demo.py from the source directory:: python demo.py This will create new tracker home in "demo" subdirectory and start server. To reset demo instance:: python demo.py nuke Tracker Home ============= "Tracker Home" is main concept when starting with Roundup. It is directory where all your tracker data is stored. This directory is created every time when new tracker is initialized and includes tracker configuration, database, template, schema and extensions. Installation ============ Please see "doc/installation.txt" Upgrading ========= Please see "doc/upgrading.txt" Usage and Other Information =========================== Start with the index.txt file in the "doc" directory. These documentation files are written in reStructedText, which can be converted into HTML format. If you have Sphinx installed, you can do this by running:: python setup.py build_doc Resulting HTML files will be in "share/doc/roundup/html" directory. For Developers ============== To get started on development work, read the developers.txt file in the "doc" directory. License ======= See COPYING.txt