https://bugs.kde.org/show_bug.cgi?id=502223

piedro <piedro.kul...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |piedro.kul...@gmail.com

--- Comment #1 from piedro <piedro.kul...@gmail.com> ---
I contacted Synology and reported this as a security breach which should be
prevented by the server in the first place. 

Now the Synology developers created a temporary solution to enable a setting to
prevent individual address books (collections) from being exposed to carddav
clients which use the same method of access as kaddressbook does.  

This obviously is just a measure on their part to secure their carddav server
implementation. Seems they take this seriously and they started immediately to
actively work on it. Honestly, I am surprised that they came up with a
workaround within two days!

In their response they pinpointed the problem within kaddressbook - it seems
to access carddav servers by using a "PROPFIND request".
I guess that's the culprit and shouldn't be too hard to fix?

Here's their remark: 

Synology, 2025-04-01 06:26:50:  

"Thanks for your waiting. 

After confirming with the developers, some CardDAV will force a PROPFIND
request for all non-hidden address books." 

Hope this helps - please fix this, this bug is a severe security issue imho...

Thx, pk

-- 
You are receiving this mail because:
You are watching all bug changes.
