Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.
drsassafras Smarty n00b
Joined: 23 Nov 2021 Posts: 2
Posted: Tue Nov 23, 2021 7:53 pm Post subject: Disclose Security Vulnerability

How do I disclose a Security Vulnerability?
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
Posted: Tue Nov 30, 2021 6:27 pm Post subject:

If you can reproduce it with latest Smarty version…
drsassafras Smarty n00b
Joined: 23 Nov 2021 Posts: 2
Posted: Tue Nov 30, 2021 6:59 pm Post subject:

1. No, we have not integrated Smarty 4.0 yet. So not reproducible in the latest Smarty version.
2. This does not help me in reporting the issue. I have googled how to, searched over your docs, emailed Smarty, and made this forum post. This is the first hit I am getting and it is 6 days later and does not answer my question.
3. Are you sure you want a security vulnerability posted somewhere public before a patch has been issued for the 3.x branch? I mean I am into responsible disclosure but that requires a two-way street.
AnrDaemon Administrator
Joined: 03 Dec 2012 Posts: 1785
Posted: Tue Nov 30, 2021 10:54 pm Post subject:

If your "vulnerability" cannot be reproduced in a Simple Test Case, then how do you know it is not something in your own framework? That's why I asked for a simple reproducer.
Preferably using master branch. But latest release could suffice as well.
Fork https://github.com/AnrDaemon/test-001, create a branch and write your reproducer.