Currently the user can register usernames without any length restriction.
Is that fixed? Couldn't find a relevant commit for that.
Thanks.
John, did you fix the username max length?
janemax Currently the user can register usernames without any length restriction.
Is that fixed? Couldn't find a relevant commit for that.
Thanks.
Well, actually there is a limit for the usernames length - 256 bytes. I will not change this number, because IMO the engine should process such usernames in safe way. Decreasing the username length will mask the vulnerabilities instead of fixing them. In price of limiting the UX of the honest users.