My experience (of just one) was that it got picked up and looked at pretty quickly.
Perhaps it got missed if it was towards the end of holidays, or because one of the select few[1] was busy flying around the world for Jenkins user events - so a prod on the dev list may help to spur things along.

/James

[1] There are only a few people who have the privileges to see issues reported on the security project, not all committers have this right.

On Thursday, 29 August 2013 17:13:44 UTC+1, [email protected] wrote:
> I opened a “Security Issues” ticket (SECURITY-53) back in Jan/2013, with no response. So I’m not sure what triggers someone to actually look at your report …
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* teilo
> *Sent:* 29 August 2013 11:48
> *To:* [email protected]
> *Subject:* Re: Right procedure to send for Security Advisories
>
> Hi Christian,
>
> You should create an issue in the Jenkins bug tracker under the "Security Issues" project.
>
> This project has restricted access so only the select few will be able to see your report.
>
> See https://wiki.jenkins-ci.org/display/JENKINS/Security+Advisories for more info.
>
> /James
>
> On Thursday, 29 August 2013 11:36:04 UTC+1, Christian Catalano wrote:
> > Hi everyone,
> >
> > I am executing a PT for my company... in my targets there is a server with a Jenkins application.
> >
> > I think I have found a severe security vulnerability so I would like to know the right procedure to:
> >
> > - advise the jenkins team
> > - send the documentation to explain the vulnerability and to prove it
> > - how I can obtain a CVE Identifier
> >
> > Best regards
> > Christian
>
> --
> You received this message because you are subscribed to the Google Groups "Jenkins Users" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
> For more options, visit https://groups.google.com/groups/opt_out.
