I have seen previous "security reports" from them about PyForum. Those that I have checked were bogus.
Massimo On Oct 13, 11:55 am, Julio Schwarzbeck <[email protected]> wrote: > Hi this is Julio, pyforum author. I just wanted to clarify a few > things here. > > On Dec 9, 2009, I was contacted by this > "Nam Nguyen" from bluemoon.com.vn (Viet Nam) domain. > > This gentleman stated that he had "discovered" several XSS > vulnerabilities in pyforum, and in order to "disclose" them to me, I > had to enter in some kind of agreement with him (read: pay him money) > my "punishment" for not complying with this would result in spreading > this information around (I guess his "security firm" does not carry > enough weight so he needed to go to the usual channels, secunia being > one of them. > > After more than a year he has failed to provide even one simple proof > of concept so I can potentially fix. > > All of this leads me to believe that such vulnerability indeed does > not exist and that these individual's intentions were no other than > trying to dishonestly obtain monetary gains. > > pyforum is open source software and its source code is available for > anyone to view. > > Hope this clarifies the issue, Cheers, > > Julio F Schwarzbeck. > > On Oct 12, 9:12 am, Julius Minka <[email protected]> wrote: > > > There is security issue reported here:http://secunia.com/advisories/37764 > > > Is any fix available? > > Are there any plans to further develop pyforum? > > I am asking because I am considering pyforum as a base for bigger > > communication app. > >
