We plan to remove FTP protocol implementation from our code. This work
is tracked in bug 1574475 [1]. The plan is to
- place FTP behind a pref and turn it off by default on 77 [2]
- keep FTP enabled by default on 78 ESR [3]
- remove the code completely at the beginning of 2021
We're doing this for security reasons. FTP is an insecure protocol and
there are no reasons to prefer it over HTTPS for downloading resources.
Also, a part of the FTP code is very old, unsafe and hard to maintain
and we found a lot of security bugs in it in the past. After disabling
FTP in our code, the protocol will be handled by external application,
so people can still use it to download resources if they really want to.
However, it won't be possible to view and browse directory listings.
[1] https://bugzilla.mozilla.org/show_bug.cgi?id=1574475
[2] https://bugzilla.mozilla.org/show_bug.cgi?id=1622409
[3] https://bugzilla.mozilla.org/show_bug.cgi?id=1622410
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
