Smarty Forum Index Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon.

Disclose Security Vulnerability

 
drsassafras
Smarty n00b


Joined: 23 Nov 2021
Posts: 2

Posted: Tue Nov 23, 2021 7:53 pm    Post subject: Disclose Security Vulnerability

How do I disclose a Security Vulnerability?
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

Posted: Tue Nov 30, 2021 6:27 pm

If you can reproduce it with latest Smarty version…
drsassafras
Smarty n00b


Joined: 23 Nov 2021
Posts: 2

Posted: Tue Nov 30, 2021 6:59 pm

1. No, we have not integrated Smarty 4.0 yet. So not reproducible in the latest Smarty version.
2. This does not help me in reporting the issue. I have googled how to, searched over your docs, emailed Smarty, and made this forum post. This is the first hit I am getting and it is 6 days later and does not answer my question.
3. Are you sure you want a security vulnerability posted somewhere public before a patch has been issued for the 3.x branch? I mean, I am into responsible disclosure, but that requires a two-way street.
AnrDaemon
Administrator


Joined: 03 Dec 2012
Posts: 1785

Posted: Tue Nov 30, 2021 10:54 pm

If your "vulnerability" cannot be reproduced in a Simple Test Case, then how do you know it is not something in your own framework? That's why I asked for a simple reproducer.
Preferably using the master branch. But the latest release could suffice as well.
Fork https://github.com/AnrDaemon/test-001, create a branch and write your reproducer.