Anyone who bashes open source code for bugs is an idiot. Maybe the "community" should start auditing code instead of blogging and tweeting about how awful things are. This functionality has been around for so long it is generational.
I actually think it's fine to have an opinion on any piece of software.
However, weev is completely correct in telling people that shell environment variables were an obviously bad place for arbitrary data set by people on the internet back in the 90s. The shell wasn't designed for that, it's known to be insecure.
HN's defence of Apache doing silly things seems to be more love of Apache and lack of knowledge of Unix fundamentals than hate of free tools.
Agreed. Misuse is a problem. However, sometimes being too flexible opens itself up to unintended misuse.
It seems as though FOSS is so reliable that people start to act entitled when shit hits the fan. Software has never been problem free and never will.
I'm just glad I haven't seen a libreBash or some other lame fork instead of just adding more eyes to the existing functioning project.
+1 to the person(s) responsible for finding this.
Everyone complaining should stfu