Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability Disclosure #3684

Closed
AdnaneKhan opened this issue Jul 14, 2023 · 5 comments · Fixed by #3978
Closed

Security Vulnerability Disclosure #3684

AdnaneKhan opened this issue Jul 14, 2023 · 5 comments · Fixed by #3978
Labels
kind/bug priority/p0 Highest priority

Comments

@AdnaneKhan
Copy link

I've found a security issue with this repository, how can I privately disclose this?
@shuchu
Copy link
Collaborator

shuchu commented Jul 15, 2023

there is a slack channel:
http://slack.feast.dev/
And you can msg Danny (@adchia)

@AdnaneKhan
Copy link
Author

Hey! sorry this got away from me - I re-checked and the vuln is still here. Got an email address I can send it to? Kind of a pain to join lots of Slack channels. Thankfully fix is really simple.

@jeremyary
Copy link
Collaborator

@AdnaneKhan if you'd still like to disclose with us, we can be reached collectively at [email protected], but should you prefer further discretion, please feel free to reach out to me directly at [email protected] & I'd be happy to serve as conduit in raising the issue with our other maintainers. Thanks!

@AdnaneKhan
Copy link
Author

@AdnaneKhan if you'd still like to disclose with us, we can be reached collectively at [email protected], but should you prefer further discretion, please feel free to reach out to me directly at [email protected] & I'd be happy to serve as conduit in raising the issue with our other maintainers. Thanks!

I sent an email to your Redhat address. The group mail didn't work for some reason (I got a delivery failure notification).

@jeremyary
Copy link
Collaborator

@AdnaneKhan received! I appreciate you taking the time to share this with me, I'm putting it on my own list to tackle.

@jeremyary jeremyary reopened this Feb 28, 2024
@jeremyary jeremyary added priority/p0 Highest priority and removed priority/p2 labels Feb 28, 2024
@jeremyary jeremyary mentioned this issue Feb 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug priority/p0 Highest priority
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Restore label check for all actions using pull_request_target jeremyary/feast
3 participants
@jeremyary @shuchu @AdnaneKhan