-
Notifications
You must be signed in to change notification settings - Fork 401
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Trying to get in touch regarding a security issue #544
Comments
maybe @barryvdh |
Yes please email me directly. My username at Gmail |
Was this fixed by barryvdh/laravel-debugbar#1442, barryvdh/laravel-debugbar#1443 Knowit? |
I don't think these are related. Also I think those PRs are not directly an issue for this repo because storage isn't enabled by default. |
Shouldn't that be a PR and let Pavlos to maintain it? Or any other who
would? And, TBH: most of security warnings refer to:
1 - People who let it activate on production (really? yeah, there are some)
2 - PHP issues (if it's off on production, if persistent data is not
mutable by the component, this is NOT a bug from us, but from
implementation).
So, Pavlos, welcome to the maintainer role SECURITY.md. Write it and create
the PR. Welcome to the team. Your role is really important now.
Cheers
…On Thu, 24 Aug 2023 at 17:18, Barry vd. Heuvel ***@***.***> wrote:
I don't think these are related. Also I think those PRs are not directly
an issue for this repo because storage isn't enabled by default.
—
Reply to this email directly, view it on GitHub
<#544 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/ABFFM2TPE7TKB2R73VPADZ3XW55FVANCNFSM6AAAAAA2NQOYQM>
.
You are receiving this because you are subscribed to this thread.Message
ID: ***@***.***>
--
[image: Learn Software Engineering - Apps on Google Play]
*Pablo Santiago Sánchez*
Software Engineer
p ***@***.***>***@***.*** / ***@***.***
+353838691070
*"Pluralitas non est ponenda sine necessitate"*
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello 👋
I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@Rudloff) has found a potential issue, which I would be eager to share with you.
Could you add a
SECURITY.md
file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.Looking forward to hearing from you 👍
(cc @huntr-helper)
The text was updated successfully, but these errors were encountered: