Hi,

Please use http://jira.xwiki.org/browse/XWIKI to report your security issue
and mark the "Security Level" field as "Confidential".

That is the proper way of reporting security issues.

Thanks,
Eduard


On Wed, Dec 5, 2012 at 5:27 AM, Caleb James DeLisle <[email protected]> wrote:

> I'm sorry about your getting hit and if you want to send me direct mail,
> I'll see that it gets to the right people. I'll also make sure to check out
> the situation with that list because it should not be blocking
> non-subscribers.
>
> As a side note, it might be irresponsible of me but I don't personally think
> most security issues warrant as much secrecy as the sec community proscribe
> although it's always important to keep PoC scripts out of the hands of people
> who might try running them.
>
> Thanks,
> Caleb
>
>
> On 12/04/2012 10:21 PM, Jan-Philip Loos wrote:
> > Hello,
> >
> > tonight some XWiki sites were attacked with XSS. One of these sites is our
> > own, which runs 4.2.
> >
> > I wrote the details to the [email protected] mailing list, but it's rejected by
> > [email protected]. According to
> > http://dev.xwiki.org/xwiki/bin/view/Community/MailingLists : "However,
> > anyone can write to these lists to report issues (no subscription needed)."
> > I think I misinterpreted it.
> >
> > How can I post the details on this attack to a non public space?
> >
> > Greetings
> >
> > Jan-Philip Loos
> >
> >
> >
> > --
> > View this message in context:
> > http://xwiki.475771.n2.nabble.com/XSS-Security-Hole-how-to-post-to-security-xwiki-org-tp7582719.html
> > Sent from the XWiki- Users mailing list archive at Nabble.com.
> > _______________________________________________
> > users mailing list
> > [email protected]
> > http://lists.xwiki.org/mailman/listinfo/users
> >