CromwellCMS / Cromwell

WordPress-like CMS for Next.js websites
https://cromwellcms.com
MIT License
698 stars, 98 forks

Who to contact for security issues #182

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@wjddnjs33) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

eilrix commented 2 years ago

Hey! Thanks for letting me know; I created SECURITY.md.

JamieSlome commented 2 years ago

@eilrix - thanks for your support!

You should have received an e-mail about 9 hours ago!

For reference, you can view the report here. It is private and only accessible to maintainers with repository write permissions.

eilrix commented 2 years ago

@JamieSlome for some reason I haven't received the email. Are you sure it was security@cromwellcms.com? I checked, and my email service is working.

I looked at the report, thanks! I left a comment on my report; I'm not sure whether to approve or reject. Is there any way to change the status "Awaiting review" without pressing approve/reject?

Btw huntr.dev looks great, very helpful service!

JamieSlome commented 2 years ago

@eilrix - ah, I can see what happened. Looks like a bug on our side - apologies!

Happy you have found your way to the report nonetheless! The approve/reject buttons change the status specifically. If you mark as invalid, it will become public and be marked as invalid. If you mark as valid, it will move to awaiting fix.

Let me know if you have any further questions and happy to help 👋

JamieSlome commented 2 years ago

@eilrix - I have sent the e-mail over to the security e-mail again, just for completeness 😄

eilrix commented 2 years ago

@JamieSlome alrighty, I got the email with my magic link :)