Logging Security Bugs

sbodger

Joined: 2009-04-15
Posts: 2
Posted: Wed, 2009-04-15 19:18

Hi All

I've just installed Alpha 3 and believe it is vulnerable to an XSS attack.

Is this the right place to report it?

Thanks

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Wed, 2009-04-15 21:44
Quote:
Is this the right place to report it?

please use:

A full security review is underway using a 3rd party security company as was done in G1 and G2.

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team

 
nivekiam
nivekiam's picture

Joined: 2002-12-10
Posts: 16504
Posted: Wed, 2009-04-15 22:36

Yes, please report it to the email address Dave listed and read the Security Warning and Roadmap sections on this page for more information:
http://gallery.menalto.com/gallery_3.0_alpha_3_released
____________________________________________
Like Gallery? Like the support? Donate now!!! See G2 live here

 
sbodger

Joined: 2009-04-15
Posts: 2
Posted: Thu, 2009-04-16 00:36
floridave wrote:
please use:

A full security review is underway using a 3rd party security company as was done in G1 and G2.

Thanks - I'll send the email.

I suspect it's already on the known list as it's quite an obvious attack vector, but no harm in checking.

 
floridave
floridave's picture

Joined: 2003-12-22
Posts: 27300
Posted: Thu, 2009-04-16 01:01

Thanks for keep us on our toes!

Dave
_____________________________________________
Blog & G2 || floridave - Gallery Team