Closed zidingz closed 3 years ago
kenbolton
commented
3 years ago https://github.com/stephenmcd/cartridge#support states:
To report a security issue, please send an email privately to core-team@mezzaninecms.com. This gives us a chance to fix the issue and create an official release prior to the issue being made public.
kenbolton
commented
3 years ago FWIW, the reported security concern is mitigated by includingSESSION_COOKIE_SECURE = True in settings.py. The issue was reported in the demo site.
github-actions[bot]
commented
2 years ago :tada: This issue has been resolved in version 1.0.0b1 :tada:
The release is available on:
v1.0.0b1Your semantic-release bot :package::rocket:
Hey there!
I belong to an open source security research community, and a member (@ktg9) has found an issue, but doesn’t know the best way to disclose it.
If not a hassle, might you kindly add a
SECURITY.mdfile with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)