Hello trac-hackers, Our team has discovered that a plugin on Trac-Hacks has a DOM injection vulnerability. The plugin in question is tagged needsadoption. We have a patch that should fix it.
What's the trac-hacks disclosure policy for security issues? E.g. is there a private list to which we should report the details, or should we raise a public ticket and attach the patch? Kind regards, Alex -- Alex Willmer | Developer 2 Trinity Park, Birmingham, B37 7ES | United Kingdom M: +44 7557 752744 al.will...@logica.com<mailto:al.will...@logica.com> | www.logica.com <http://www.logica.com/>Logica UK Ltd, registered in UK (registered number 947968) Registered Office: 250 Brook Drive, Green Park, Reading RG2 6UA, United Kingdom Think green - keep it on the screen. This e-mail and any attachment is for authorised use by the intended recipient(s) only. It may contain proprietary material, confidential information and/or be subject to legal privilege. It should not be copied, disclosed to, retained or used by, any other party. If you are not an intended recipient then please promptly delete this e-mail and any attachment and all copies and inform the sender. Thank you.
_______________________________________________ th-users mailing list th-users@lists.trac-hacks.org https://lists.trac-hacks.org/mailman/listinfo/th-users
