Hi Julien, On Wed, Jan 15, 2020 at 08:56:32PM +0100, Julien Pivotto wrote: > On 15 Jan 20:51, Willy Tarreau wrote: > > On Wed, Jan 15, 2020 at 10:06:12PM +0800, ZeddYu Lu wrote: > > > Hi. I found a security issue about the latest haproxy. How can I > > > report this? > > > > Just a quick update on this one, I got it and it was just a false alarm. > > > > Willy > > > > we could improve http://www.haproxy.org/ and add such a contact,
For being part of the kernel security list and seeing the amount of crap that lands there, I'd rather avoid suggesting a closed contact by default. The *vast* majority of the time, the mailing list and/or github issues are perfectly fine. And in the extremely rare case someone is absolutely certain to have something dirty (i.e. less than once a year), we can afford an extra round trip. Experience told me that usually those who can find real bugs can find contacts without any effort. > maybe > even a security.txt file: https://securitytxt.org/ Thanks for this link. I never heard about this one. Did you hear about anyone using it yet ? Willy