Skip to content

Replace unmaintained HTTP NTLM library with RubyNTLM #495

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
sempervictus opened this issue Jun 17, 2017 · 4 comments · Fixed by #574
Closed

Replace unmaintained HTTP NTLM library with RubyNTLM #495

sempervictus opened this issue Jun 17, 2017 · 4 comments · Fixed by #574

Comments

@sempervictus
Copy link

The HTTP NTLM library appears dead - almost 10y since an update. RubyNTLM is actually conflicting with the old gem in bundles which end up with both as dependencies when Mechanize is a dependency itself.
@cielavenir
Copy link

#436

@deivid-rodriguez
Copy link

Seems related: pyu10055/ntlm-http#13

@sempervictus
Copy link
Author

Wow, this is still open...
Pretty sure I've literally reverse engineered ssp3 signing since this was opened. If marking this as a security issue helps move it along, it is one since the lib in use is leveraging old and easy to intercept/reuse ntlm message formats.

flavorjones added a commit that referenced this issue Mar 31, 2021
@flavorjones
dep: prefer rubyntlm to ntlm-http
6353efa 
Closes #495
@flavorjones flavorjones mentioned this issue Mar 31, 2021
Merged
@flavorjones
Copy link
Member

The next version of Mechanize will depend on rubyntlm (likely 2.8.0).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

dep: prefer rubyntlm to ntlm-http sparklemotion/mechanize
5 participants
@flavorjones @sempervictus @cielavenir @deivid-rodriguez and others