Trying to get in touch regarding a security issue

[JamieSlome]

Hello 👋

I run a security community that finds and fixes vulnerabilities in OSS. A researcher (@dwisiswant0) has found a potential issue, which I would be eager to share with you.

Could you add a SECURITY.md file with an e-mail address for me to send further details to? GitHub recommends a security policy to ensure issues are responsibly disclosed, and it would help direct researchers in the future.

Looking forward to hearing from you 👍

(cc @huntr-helper)

[dwisiswant0]

Would you like to come take a look at it, @jc21? Your prompt attention would be appreciated. :)

[Legoclones]

Any update on this? I would also like to report something and would appreciate an email or way to privately contact the developers.

[dwisiswant0]

^ Nope. Committed 11 days ago on the develop branch, I think the maintainers like to play dead.

[sephentos]

How is it that something important like this goes unanswered for almost seven months while commits take place in between?

@jc21

[flikites]

Has this been rectified?

[dwisiswant0]

Has this been rectified?

AFAIK, nope.

[Joly0]

Any news on this one? Did @jc21 get in contact with you guys?

[dwisiswant0]

No.

[liquidat]

This is the issue, the advisory is out now:
https://advisory.dw1.io/57

[BrutalCoding]

@skarlcf this issue should be closed since it's been resolved by #2635, unless I missed something. I just stumbled upon this.

[skarlcf]

@BrutalCoding yes, IMHO this issue should be closed.

[github-actions]

Issue is now considered stale. If you want to keep it open, please comment 👍