Join GitHub today
GitHub is home to over 50 million developers working together to host and review code, manage projects, and build software together.Sign up
Life, as it tends to do, has progressed for me in such a way that I am no longer able to devote time to maintaining this plugin, especially as I no longer use it on a daily basis.
As such, this project has been neglected and I apologize for that. I am hoping there is someone who would be willing to step up and take over maintaining this project so it gets the attention it deserves. If you would like to do so, please respond with a comment explaining a bit about what you would like to do as a maintainer of this project. I'll then add one or more of those users as collaborators.
It's been almost a year, and it looks like nobody has stepped up on helping this project. I'm interested on becoming this plugin's maintainer. I rely on the functionally this plugin provides for our internal development notifications. The following are the changes made to my forked vagrant-notify repo devel branch https://github.com/alpha01/vagrant-notify/tree/devel
MAJOR SECURITY FIX: Notification server will now only listen on localhost (127.0.0.1), this restricts communication to only between the VM and host system. Since the notification server doesn't do proper shell character escaping and the server binds to all active IPs, anyone using vagrant-notify version 0.4.0 and below is vulnerable to remote command execution.
Things To Do:
I still need to write new/update rpecs unit tests related to these newly changes before submitting a pull request. Let me know what do you think.