Hi! My name is Klausi. I work as Principal Engineer for jobiqo. I have a master's degree in software engineering from the Vienna University of Technology where I focused my soft skill part on Gender Studies. I'm also interested in technology, politics and ethics.

You can contact me on Mastodon, Bluesky, LinkedIn or per email. My first name dot my last name (Klaus Purer) @protonmail.ch.

Some projects I work on:

D7Security, unofficial extended security support for Drupal 7
Coder, a coding standards checker for Drupal
GraphQL for Drupal, a Drupal module that implements a GraphQL server API
Mastodon Bluesky Sync, a command line tool to synchronize my posts from Mastodon to Bluesky and back

Dangerous Next.js redirects - how misconfiguration can bring your website down

2025-01-30

Black Next.js logos arranged in a circle. In the middle is an emoji with closed eyes exhausting.

Security Advisory: Next.js Denial of Service vulnerability in redirect misconfiguration

Project: Next.js
Security Risk: Less Critical
Vulnerability: Denial of Service (DoS)
Category: OWASP A05:2021 – Security Misconfiguration
Affected versions: all Next.js versions, for example 15.0.3

Note: This vulnerability has been disclosed privately to the Vercel Security Team. They decided that this is a misconfiguration issue and not an inherent security issue.

D7Security presentation at Drupal Dev Days Bourgas

2024-06-26

Here are the slides of my Drupal Dev Days presentation about D7Security in Bourgas. The recording will hopefully follow soon!

D7Security presentation at Drupal Austria Meetup

2024-03-13

Here are the slides and a recording of my Drupal Austria Meetup presentation about D7Security.

Drupal 7 end of life podcast: Unofficial Drupal 7 Security Team

2023-12-31

Here is the video of my appearance on the Drupal 7 end of life podcast, talking about plans for the D7Security group. Thank you Mark Dorison and Chris Free from Chromatic for the recording!

Proposing a Drupal 7 security team

2023-12-12

Update: The D7Security group is now established at gitlab.com/d7security and d7security.org!

Screenshot of a drupal.org release settings page. Contains a warning box with the text "Branches compatible with Drupal 7.x that are set as unsupported cannot be set as supported again.". A big thinking emoji is inserted on the screenshot.

The Drupal Security Team has announced in PSA-2023-06-07 that unsupported Drupal 7 modules/themes cannot be supported again. I'm proposing to create a D7Security team on Gitlab.com that can provide security fixes for those unsupported modules. A small update module can then notify Drupal 7 site owners when new security releases are available on Gitlab.com.

Fully hidden automatic system updates on Ubuntu 20.04

2021-01-05

Screenshot of Ubuntu's update manager popping up during the movie "Tank Girl."

Ubuntu's graphical update manager pops up every time you need to install updates. That can be annoying when you are watching a movie or doing other things and don't want to be bothered all the time. Yes, I want to always apply all updates from all sources, but please do it silently. Here is a small script I use to do that with Anacron.