[galaxy-dev] Security issues
Hello all,

In testing our servers for security vulnerabilities, we've detected some cross site scripting and SQL injection problems on our Galaxy server. Is that something that should be reported as a bug/problem? I did search the Trello board but didn't find any open security related items.

Thanks!

--
Scott B. Szakonyi
Research Programmer
*Center for Research Computing*
107 Information Technology Center
Notre Dame, IN 46556
http://crc.nd.edu

___
Please keep all replies on the list by using reply all in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/

To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/

Re: [galaxy-dev] Security issues
Hi Scott,

Serious security problems should not be fixed via pull request - please responsibly disclose these by e-mailing them (with or without patches) to galaxy-...@lists.galaxyproject.org. The Galaxy core development team will issue patches to public servers before announcing the issue to ensure there is time to patch and highlight these fixes widely. We will provide you credit for the discovery when publicly disclosing the issue.

-Dannon

On Tue, Aug 11, 2015 at 10:16 AM, Scott Szakonyi scott.b.szakony...@nd.edu wrote:

> Hello all,
>
> In testing our servers for security vulnerabilities, we've detected some cross site scripting and SQL injection problems on our Galaxy server. Is that something that should be reported as a bug/problem? I did search the Trello board but didn't find any open security related items.
>
> Thanks!

Re: [galaxy-dev] Security issues
Thanks Dannon, I will do that.

Best,
Scott

On Tue, Aug 11, 2015 at 10:20 AM, Dannon Baker dannon.ba...@gmail.com wrote:

> Hi Scott,
>
> Serious security problems should not be fixed via pull request - please responsibly disclose these by e-mailing them (with or without patches) to galaxy-...@lists.galaxyproject.org. The Galaxy core development team will issue patches to public servers before announcing the issue to ensure there is time to patch and highlight these fixes widely. We will provide you credit for the discovery when publicly disclosing the issue.
>
> -Dannon
>
> On Tue, Aug 11, 2015 at 10:16 AM, Scott Szakonyi scott.b.szakony...@nd.edu wrote:
>
>> Hello all,
>>
>> In testing our servers for security vulnerabilities, we've detected some cross site scripting and SQL injection problems on our Galaxy server. Is that something that should be reported as a bug/problem? I did search the Trello board but didn't find any open security related items.
>>
>> Thanks!

--
Scott B. Szakonyi
Research Programmer
*Center for Research Computing*
107 Information Technology Center
Notre Dame, IN 46556
http://crc.nd.edu