Open irsl opened 6 years ago
Hi,
I know... it's been a few years... but it seems that the best person to communicate critical security vulnerabilities is @JonDeG, who fixed a few... back in 2015 😞
Were these published anywhere?
@irsl, thanks for publishing those vulnerabilities!
It's a pity, actually, since I love(d) ProjectPier, but it became impossible to patch it myself to get it to run under PHP 8.0+, so I followed your recommendation and moved to a different (but similar) application...
@GwynethLlewelyn Please tell which application.
Completely off-topic, but I'm using dotProject. Aye, I'm aware it also has many security issues; and I have forked it to get a version that runs under PHP 8.0; granted, I haven't gotten the time to finish everything, but 90% of the functionality should be working, with some quirks here and there. The maintainers of the GitHub repository, however, are a bit silent — never a good sign — taking into account that they have a huge PR to review...
I did start on doing the same for ProjectPier, but it was simply way too much work — the codebase is simply way too old to get it to run on any recent version of PHP.
I just identified some critical security vulnerabilities in this project - let me know where to report them - if this project is not completely dead yet. Note: I'm going to publish an advisory about them.