mecha-cms / mecha

Minimalist content management system.
https://mecha-cms.com
GNU General Public License v3.0

[SECURITY ISSUE] High-Risk Security Vulnerabilities #295

Closed Sp1d3rL1 closed 1 month ago

Sp1d3rL1 commented 2 months ago

Hello! There are some security issues in the latest mechaCMS (3.0.0) and I would like to provide you with the details privately via email and get your confirmation. Is hi@taufik-nurrohman.com available for this email? I hope to hear from you in time and hopefully we can work together to fix this issue soon! You can contact me at this email address: mnss2021@163.com, or just reply to this issue.

taufik-nurrohman commented 2 months ago

Yes. In case that email does not work, try t[dot]nurrohman77[at]gmail[dot]com, thanks.

Sp1d3rL1 commented 2 months ago

I sent an email to hi@taufik-nurrohman.com so you can see if you received it.

taufik-nurrohman commented 2 months ago

Okay, thanks a lot for the discovery. Please note that the CMS has not yet hit the stable state until a blog post about version 3.0.0 is published. I will push some patches to the files, delete the latest version and re-release using the same version number.

When the blog post is published, I will tell others to replace the existing installation even if they have the same version number.

Sp1d3rL1 commented 2 months ago

Well yes, I understand what you mean. I would like to apply for a CVE for this vulnerability, so please don't remove the current version completely, but leave a version number for it. Since no one knows about this issue at the moment, you can fix it by releasing 3.0.1 after the official 3.0.0 release. Anyway, please keep a version number for the current version. 😉

taufik-nurrohman commented 2 months ago

Mmmhm. Yeah, looks like this is the right time to speed up making the blog post. I will consider freezing the current state.

Sp1d3rL1 commented 2 months ago

Thanks, and please don't be in too much of a hurry, just release it at your normal pace.

taufik-nurrohman commented 1 month ago

https://mecha-cms.com/article/version-3-0-1