Serious security problems should not be fixed via pull request - please
responsibly disclose these by e-mailing them (with or without patches) to
galaxy-...@lists.galaxyproject.org. The Galaxy core development team will
issue patches to public servers before announcing the issue to ensure there
is time to patch and highlight these fixes widely. We will provide you
credit for the discovery when publicly disclosing the issue.
On Tue, Aug 11, 2015 at 10:16 AM, Scott Szakonyi <scott.b.szakony...@nd.edu>
> Hello all,
> In testing our servers for security vulnerabilities, we've detected some
> cross site scripting and SQL injection problem on our Galaxy server. Is
> that something that should be reported as a bug/problem? I did search the
> Trello board but didn't find any open security related items.
> Scott B. Szakonyi
> Research Programmer
> *Center for Research Computing*
> 107 Information Technology Center
> Notre Dame, IN 46556
> Please keep all replies on the list by using "reply all"
> in your mail client. To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> To search Galaxy mailing lists use the unified search at:
Please keep all replies on the list by using "reply all"
in your mail client. To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
To search Galaxy mailing lists use the unified search at: