typemill / typemill

Typemill is a lightweight, flat-file CMS designed for simple, fast, and flexible website and eBook creation using Markdown.
https://typemill.net
MIT License

Security concern #406

Closed psmoros closed 2 months ago

psmoros commented 10 months ago

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@scgajge12) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

trendschau commented 10 months ago

Thank you very much, I added a security.md file now: https://github.com/typemill/typemill/blob/master/SECURITY.md

Can you please send the report to security@typemill.net?

trendschau commented 9 months ago

Thank you very much for reporting. I will try to fix it soon and I will include the fixes in the upcoming version 2 of Typemill. Sorry that I cannot react as quickly as needed in this case.

trendschau commented 2 months ago

Issues should be fixed in Version 2 (2.3.0). Please send me a mail if you still find anything related to security.

Thank you very much for the hints!!