search

dokku / ci-docker-image

A Docker Image meant for use with CI/CD pipelines
MIT License
35 stars 24 forks source link

Reporting a vulnerability #63

Closed igibek closed 1 year ago

igibek commented 1 year ago

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security research to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

josegonzalez commented 1 year ago

This should be fixed in 0ca5b13c8326f6168cf02b2465c32b7239496fea. I've also enabled private vulnerability reporting (and will go through all the dokku repos and enable it there as well).

josegonzalez commented 1 year ago

Note: not closing until there is capacity to run the job in github actions...