Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

security reports? #31

Closed
jtnord opened this issue Jan 29, 2019 · 13 comments · Fixed by #995
Closed

security reports? #31

jtnord opened this issue Jan 29, 2019 · 13 comments · Fixed by #995
Assignees
@JoelSpeed

Comments

@jtnord
Copy link

jtnord commented Jan 29, 2019

I think I found a security issue (could be in our fork but doesn't yet seem like it).

I could not find anywhere mentioning reporting security issues privately, can you please add some details?

Expected Behavior

If I find a security issue in the project I can go to the repo and find some info on how to report it.

Current Behavior

I am left guessing.

Possible Solution

create a file security.md with details of how to report security vulnerabilities, link to it from readme.md

Steps to Reproduce (for bugs)

Context

potentially report a security issue (if confirmed it is not a mess up in our fork or my configuration)

Your Environment

hey I got this building on windows woot!

  • Version used:
@JoelSpeed JoelSpeed self-assigned this Jan 30, 2019
@JoelSpeed
Copy link
Member

This needs fixing and I am currently trying to work out how I want to handle this, I need to speak to our internal support team who currently handle most security issues for Pusher owned projects.

For now, could you please email me directly joel[at]pusher.com and I will look into the issue you have found.

@jtnord
Copy link
Author

jtnord commented Jan 30, 2019

email sent :)

@github-actions
Copy link
Contributor

github-actions bot commented Mar 8, 2020

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Mar 8, 2020
@JoelSpeed
Copy link
Member

JoelSpeed commented Mar 8, 2020
edited
Loading

We still need to work out how security reports should be handled. As a note, if anyone finds this, please do not email my pusher address, I no longer work for Pusher and I will not receive it

@JoelSpeed JoelSpeed removed the Stale label Mar 14, 2020
@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label May 14, 2020
@JoelSpeed JoelSpeed removed the Stale label May 14, 2020
@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Jul 14, 2020
@JoelSpeed JoelSpeed removed the Stale label Jul 14, 2020
@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Sep 13, 2020
@JoelSpeed JoelSpeed removed the Stale label Sep 14, 2020
@Aishwer-chegg
Copy link

@JoelSpeed @jtnord The security issue discussed here is not very clear. Is this still relevant? If yes, can you share more details for the same.

@jtnord
Copy link
Author

jtnord commented Oct 21, 2020

this is still valid. there are no details on how to report security issues for this repo.

@JoelSpeed
Copy link
Member

Agreed. I or one of the other maintainers needs to find some time to create a SECURITY.md doc that explains what users should do if they do find any vulnerabilities and what our responsibilities are in these cases

@Aishwer-chegg
Copy link

@jtnord @JoelSpeed Can you share how severe is the issue ? and What is the plan to fix this or Is there a patched version available ?

@JoelSpeed
Copy link
Member

There are no outstanding issues for security here. We are just using this issue to track the fact that we haven't documented how to report security issues.

Please use the latest releases to ensure you have up to date security patches

@github-actions
Copy link
Contributor

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.

@github-actions github-actions bot added the Stale label Dec 21, 2020
@JoelSpeed JoelSpeed removed the Stale label Dec 21, 2020
@JoelSpeed JoelSpeed mentioned this issue Jan 16, 2021
Merged
3 tasks
michael-freidgeim-webjet pushed a commit to MNF/oauth2-proxy that referenced this issue Sep 4, 2021
@Kevin-Li-Webjet
Merge pull request oauth2-proxy#31 from Webjet/revert-30-teamcity-upg…
b5971a5 
…rade

Revert "upgraded teamcity to 7"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JoelSpeed JoelSpeed

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Security Policy oauth2-proxy/oauth2-proxy
3 participants
@jtnord @JoelSpeed @Aishwer-chegg