On 18/07/2013, at 11:53, Hugh Davenport <[email protected]> wrote:
> On 2013-07-18 11:48, Simon J Welsh wrote: >> Yes, we’ve known about this since at least February (the reporter is >> the lead on the security team). > > Hi Simon, > > Thanks for your reply. Just a question, is it policy to report security > bugs in the open? > > Cheers, > > Hugh Usually, there’s a small issue with no details provided until a fix is applied (see [1] for an example). In this case, the issue was actually raised on the development mailing list[2] rather than through the normal security channels. The normal process is documented here[3]. [1] https://github.com/silverstripe/silverstripe-framework/issues/2195 [2] https://groups.google.com/forum/?fromgroups=#!topic/silverstripe-dev/XDUDZtr9Gbk [3] http://doc.silverstripe.org/framework/en/trunk/misc/release-process#security-releases --- Simon Welsh Admin of http://simon.geek.nz/ -- -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected] --- You received this message because you are subscribed to the Google Groups "NZ PHP Users Group" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
