Provide option to disable / remove swfupload
|Reported by:||msaffitz||Owned by:|
This suggestion is in response to the vulnerability discussed here: https://github.com/wordpress/secure-swfupload/issues/1
Given swfupload is deprecated, it'd be nice to provide an option to disable and/or remove it from an install to reduce potential attack surface. Ideally this could be done in such a way that plugins could detect whether swfupload were available or not, but I'm not sure how feasible that is or even if it would be ideal, since the work to implement detection would be better spent just upgrading to plupload.