[Security] Vulnerability found
nbeguier opened this issue · 4 comments
I've found a "critical vulnerability" (in my opinion) on Flagr 1.1.12, who can I contact ?
Your Environment
- Version used (
flagr version
): 1.1.12 - Server type and version: any
- Operating System and version (
uname -a
): any
@ivanRylach @sesquipedalian-dev
I'm also available at https://keybase.io/zhuojie for encrypted messages
It's been 90 days since my report and you successfully fix the issue. You may want to release v1.1.13 because I'll probably disclose the PoC in the following weeks, as agreed.
@zhouzhuojie
It's been 90 days since my report and you successfully fix the issue. You may want to release v1.1.13 because I'll probably disclose the PoC in the following weeks, as agreed.
@zhouzhuojie
Hey @nbeguier, thanks for reporting again. I don't have the write permission to this repo anymore, @marceloboeira and I are thinking of maintaining a new community version of flagr with strict API backward compatibility of course, see the new release cut there.
Stale issue message