-
Notifications
You must be signed in to change notification settings - Fork 315
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Security Contact #536
Comments
Is it possible to open hidden issues in GitHub, for maintainers' eyes only? Otherwise you may contact @mrbaseman and myself @DimitriPapadopoulos directly. I think Martin is using his real email address in GitHub. Do you have access to my real email address (not the @users.noreply.github.com one)? Hope this helps. |
Hello Dimitri, there is a way to create security reports on github but it has to be enabled by mantainers. More information can be found here https://help.github.com/en/github/managing-security-vulnerabilities. I've tried but I cannot message you nor @mrbaseman directly and also I do not have access to your emails. You can contact me at agustingianni@github.com if think thats the best option. |
I'm in the process of adding a Security policy: #537 |
Can we or can you create a draft security advisory that we can share privately? |
Yes sure, you need to create an advisory (provided you are an admin) and then add me as a collaborator if I'm not mistaken. Thanks. |
I have created an advisory and @mrbaseman and @agustingianni have been added as collaborators. |
@mrbaseman We probably need a mail address to report security issues (mail would currently be forwarded to each of the maintainers). Any clue how to do that? |
I have registered for openfortivpn.org PS: I'm ill, therefore less responsive these days |
Please bear with us while we're processing the draft advisory. The most knowledgeable maintainer is currently ill. If he cannot handle this in the next few days I'll look into the draft advisory myself. At first glance it looks clear and valid, of course. In the meantime:
|
Hello again. Sure, take as much time as you need. If you have any questions you can always contact me. I'm still taking a look at the software and I will let you know if I find anything else. Thanks keeping me updated. |
Thank you for the great work you did fixing the issues. I think this issue should be closed. |
thank you @agustingianni for reporting your findings and for the fruitful collaboration |
Dear mantainers,
As part of my work at GitHub's Security Lab, I have identified some security issues in openfortivpn and I would like to know the preferred way of communicating said issues.
Best regards.
The text was updated successfully, but these errors were encountered: