On Fri, Jun 19, 2009 at 10:22:45AM +0200, Violetta J. Wawryk wrote: > Hello, > > Thanks to all who answered. I cannot believe that noone ever thought of > this as a security bug.
The "full" interface of RT is really intended as an interface for staff which is likely why you're finding that nobody else considers this a security issue. > Since a collegue found another security issue, can anyone tell me an > emailadress where to send security issues that should definitly not be > public? Certainly. Please email secur...@bestpractical.com. Thanks very much for your diligence. Best, Jesse Vincent Best Practical _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: sa...@bestpractical.com Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com