Ticket #2224 (closed defect: fixed)
Security vulnerability in Dotclear version 2.10.4
| Reported by: | smarterbitbybit | Owned by: | team |
|---|---|---|---|
| Priority: | highest | Milestone: | 2.11 |
| Component: | module:core | Version: | 2.10.4 |
| Severity: | critical | Keywords: | security vulnerability |
| Cc: | | | |
Description
I need a working email address to send the report to.
Change History
comment:2 Changed 7 years ago by smarterbitbybit
May I know what is the email? It cuts off at security@... I have tried emailing to security@… / contact@… / contact@… but none of them is working.
comment:3 Changed 7 years ago by smarterbitbybit
Apparently, the commenting system removes the domain after the @ sign.
Any idea how you can pass me a working email?
comment:4 Changed 7 years ago by noe
security[@]dotclear.net works. We regularly receive messages there.
comment:5 Changed 7 years ago by smarterbitbybit
Hi Noe,
Outlook was unable to send the mail as it was unable to connect to your mail server. I have now gotten into contact with Franck and have sent the report over.
Thanks.
comment:6 Changed 7 years ago by franck <carnet.franck.paul@…>
- Status changed from new to closed
- Resolution set to fixed
(In [5536ac77e915]) Prevents XSS injection in media title, closes #2224, thanks smarterbitbybit for report
Hi,
You can send every security report to the following address: security@…