Closed SCH227 closed 11 months ago
Is this related to Fiona #1298 and originating from a vulnerability in libwebp as described in rasterio #2924?
We should probably provide instructions for reporting security issues; I don't see anything listed in the broader GeoPandas documentation. For now you can report it directly to me (bcward@astutespruce.com).
No, I sent it by email. I recommend adding a SECURITY.md file in your repo so reporters have clear instructions on how to handle disclosures. Thank you for your awesome project!
This is related to libcurl linked in via GDAL as part of our wheel-building infrastructure. Crossref curl #12026, details forthcoming on 10/11/2023. Since the pre-notification of the vulnerability is public, no issues publicly disclosing that much here.
Hello!
I may have found a security issue in latest version of pyogrio. Following responsible disclosure, is there an email or other private channel where I could share the details? Thank you