AJ Jordan

We need to require the old password in order to request password changes, because if an attacker compromises a session id but not the password they shouldn't be able to...

This is urgent because Node Security Platform is dead and gone.

I think it might be interesting to have a "staging mode" for when admins are first trying to set up their configuration. In this mode, we'd make changes like: *...

See https://docs.travis-ci.com/user/conditional-builds-stages-jobs/, https://docs.travis-ci.com/user/build-stages/, and https://docs.travis-ci.com/user/conditions-v1

I would like to audit all the code we load as root to make sure it's not doing anything malicious. To limit scope, this ticket does _not_ encompass: * Anything...

Tracking bug for things to do when we drop Node 6. See also: #1502 - [ ] Upgrade Zombie, see #1562 - [ ] Upgrade JSDOM, see #1677 - [x]...

This is a big reason I factored out the config module; we should actually make use of it.

See http://humanstxt.org/Standard.html

Feed the big list of naughty strings into the test suite

3

https://github.com/minimaxir/big-list-of-naughty-strings/blob/master/blns.txt