cachethq / cachet

🚦 The open-source status page system.
https://cachethq.io
MIT License
13.79k stars 1.55k forks

Request for security contact #4270

Closed thomas-chauchefoin-sonarsource closed 2 years ago

thomas-chauchefoin-sonarsource commented 3 years ago

Hi! We tried to contact the various email addresses found in README.md to report a security issue, but we haven't heard back so far. Is there a specific address where we can send our analysis to? Another solution is to create a Security Advisory and invite me to it so we can discuss it privately. Thanks!

welcome[bot] commented 3 years ago

:wave: Thank you for opening your first issue. I'm just an automated bot that's here to help you get the information you need quicker, so please ignore this message if it doesn't apply to your issue. If you're looking for support, you should try the Slack group by registering your email address at https://cachethq-slack.herokuapp.com. Alternatively, email support@alt-three.com for our Professional support service (please note, this is a paid service). If your issue is with documentation, you can suggest edits by clicking the Suggest Edits link on any page, or open an issue at https://github.com/CachetHQ/Docs

pavog commented 3 years ago

Hi, this might be related to #4271

1resu commented 3 years ago

@thomas-chauchefoin-sonarsource Maybe you can report it to the fork's issue tracker as the original project seems to be inactive.

thomas-chauchefoin-sonarsource commented 3 years ago

I sent a message to github@five.ai but no response so far. cc @sedan07 maybe?

qwertiko commented 3 years ago

@thomas-chauchefoin-sonarsource I would be happy to discuss. Would you care to send a message to support@qwertiko.de? We can then arrange for a meeting to discuss this further.

thomas-chauchefoin-sonarsource commented 3 years ago

@qwertiko we will only discuss these bugs with the upstream project or an active fork adopted by the community, sorry.

qwertiko commented 3 years ago

@thomas-chauchefoin-sonarsource I appreciate that. I just wanted to point you to the commit history of the fiveai fork, but I did that with my personal account. Apologies.

dihedral commented 3 years ago

@thomas-chauchefoin-sonarsource I would be interested in fixing the issue with a pull request, as I have provided in the fiveai branch. Please feel free to contact me at support@qwertiko.de. Alternatively, @sedan07 would be your guy. I am just not sure what his availability would be. If you want, I would listen to your concerns and discuss the fix with fiveai so that we can provide a fix without making the issue known beforehand.

thomas-chauchefoin-sonarsource commented 3 years ago

@sedan07 just contacted me by email 👍

dihedral commented 3 years ago

Perfect.

thomas-chauchefoin-sonarsource commented 2 years ago

The issues are being addressed and patches will be available in the FiveAI fork.