bcosca / fatfree

A powerful yet easy-to-use PHP micro-framework designed to help you build dynamic and robust Web applications - fast!


Trying to get in touch regarding a security issue

zidingz opened this issue · comments

commented

Hey there!

I'd like to report a security issue but cannot find contact instructions on your repository.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

commented

@ikkez @xfra35 @bcosca @Rayne guess this should be redirected to the slack channel?

@zidingz yes.. please join our slack channel and DM me, ikkez, rayne or n0nag0n
a SECURITY.md is also a good idea.. guess we need to set up some email forwarding first @sn0opy !?

commented

Thank you both @ikkez and @KOTRET

Unfortunately, there is an inherent limitation to our system that won't allow me to grant your team access to the report pages without an authorised email. This is because we verify maintainer status based on GitHub accounts and write-access i.e. merging a SECURITY.md. Does that sound reasonable? I'm happy to answer any questions you may have; you may also read more on huntr.dev

And if it'll save you time: #1233

Merged. @KOTRET @Rayne @xfra35 @sn0opy ... I've just placed my email in the security file for the moment. Hit me if I should put one of yours there as well or once a forwarder has been set up. thx

Thanks for the posted issues. There's nothing to worry about. Looks like some simple static code analyzer results to me. It's good to check twice, but these are not security issues in the context in which the code is used.

NB: issues posted were about a random number usage and merging php globals. Hit me if you want to know more.

commented

Thank you for your time!