-
Notifications
You must be signed in to change notification settings - Fork 125
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security vulnerability + preferred disclosure channel #169
Comments
Their email addresses are on the pyorient PyPI page. |
Good call. I will update this issue once the vulnerability is resolved. |
Hi @obi1kenobi , |
Will do. Taking this to email for now. Thanks! |
Ohai mail are available on pypi address is directly with all the details please :) Sorry for typo, sent in mobility
|
Addressed in #172. |
I discovered a serious security vulnerability in the client, and in the spirit of responsible disclosure, I was hoping to discuss it privately with the maintainers of this project. However, I was not able to find a contact email address of any kind for either @mogui or @Ostico , and I'm unaware of any other maintainers with admin access to the repo.
I didn't want to simply open a pull request with the fix, because that until that pull request is merged and a new version is put on pypi, it's just sitting there as a proof-of-concept exploit of a vulnerability.
I would appreciate it if one of the maintainers could reply to this issue and direct me to the preferred channel for disclosing security vulnerabilities.
The text was updated successfully, but these errors were encountered: