easysoft / zentaopms

Zentao is an agile (scrum) project management system/tool, Free Upgrade Forever!
http://www.zentao.pm

Trying to get in touch regarding a security issue #69

Closed zidingz closed 2 years ago

zidingz commented 3 years ago

Hi there,

I couldn't find a SECURITY.md in your repository and am not sure how to best contact you privately to disclose a security issue.

Can you add a SECURITY.md file with an e-mail to your repository, so that our system can send you the vulnerability details? GitHub suggests that a security policy is the best way to make sure security issues are responsibly disclosed.

Once you've done that, you should receive an e-mail within the next hour with more info.

Thanks! (cc @huntr-helper)

easysoft commented 3 years ago

Hello,

Thank you very much and you can send the issue to my email: chunsheng@easycorp.ltd.

am0o0 commented 3 years ago

Hello dears, did you see the reports?

am0o0 commented 3 years ago

Hey guys, any feedback? 😢

easysoft commented 3 years ago

Hello, please send the report to chunsheng@easycorp.ltd. We haven't received any reports yet. Perhaps the mailing list of security@easycorp.ltd provided by Tencent doesn't work, and we'll check it.

zidingz commented 3 years ago

@easysoft I'll send another email to security@easycorp.ltd - you'll receive it in about an hour. Thanks!

am0o0 commented 3 years ago

Hey guys, did you receive any email?

easysoft commented 3 years ago

Hello, we have received the email and we'll check it. Thanks a lot.

easysoft commented 3 years ago

Hello,

You can send email to @.*** Thanks a lot.

From: Ziding Zhang
Date: 2021-08-11 23:02
To: easysoft/zentaopms
CC: easysoft; Mention
Subject: Re: [easysoft/zentaopms] Trying to get in touch regarding a security issue (#69)

Hey @easysoft,

We've been trying to contact you on @.*** with updates on zentaopms security issues. However, we suspect our emails have been blocked by your Tencent QQ mail server, which has been known to block Western IPs.

Could you kindly provide an alternate email, possibly not hosted by Tencent? This way, we can maintain a clear channel of communication. Happy to assist you through the process.

Thank you, and apologies for the hassle.