Community Forums

Development Forum

Reporting vulnerabilities

Page: 1
Subject: Reporting vulnerabilitiesQuote this post in your reply
Does there exist a policy for reporting vulnerabilities?

According to your developer guidelines, bugs should be reported on your Mantis Bug Tracker, but presumably you don't want potential vulnerabilities to become public before a patch, and it's not clear how to report privately.

Alternatively, do you consider pull requests on Github containing fixes to security holes acceptable?
Posted: 2016-12-21 02:00:04

Avatar for greg
Subject: Re: Reporting vulnerabilitiesQuote this post in your reply
You can send the report to info at atutor dot ca. Or, once you are signed up on Mantis, we'll give you developer privilege, after which you can post private bug reports.

Pull requests are welcome.
Posted: 2016-12-21 09:07:17
Page: 1

You must be signed-in to post.

Related Articles