Skip to content

security hotfix: actor containment

kaniini requested to merge security/actor-containment into develop

It was reported to us that a user was able to spoof an activity by manipulating attributedTo. This demotes the level of trust given to attributedTo appropriately and tests that actor cannot be rewritten by Transmogrifier later.

Merge request reports