5 Dec
2012
5 Dec
'12
9:58 a.m.
Hi,
Please use http://jira.xwiki.org/browse/XWIKI to report your security issue
and mark the "Security Level" field as "Confidential".
That is the proper way of reporting security issues.
Thanks,
Eduard
On Wed, Dec 5, 2012 at 5:27 AM, Caleb James DeLisle <
calebdelisle(a)lavabit.com> wrote:
I'm sorry about your getting hit and if you want
to send me direct mail,
I'll see that it gets to the right people. I'll also make sure to check out
the situation with that list because it should not be blocking
non-subscribers.
As a side note, it might be irresponsable of me but I don't personally
think
most security issues warrant as much secrecy as the sec community proscribe
although it's always important to keep PoC scripts out of the hands of
people
who might try running them.
Thanks,
Caleb
On 12/04/2012 10:21 PM, Jan-Philip Loos wrote:
Hello,
tonight some XWikis Sites were attacked with XSS. One of this sites is
our
own, which runs 4.2.
A wrote the details to security(a)xwiki.org mailing list, but it's
rejected by
security-owner(a)xwiki.org. According to
http://dev.xwiki.org/xwiki/bin/view/Community/MailingLists : "However,
anyone can write to these lists to report issues (no subscription
needed)."
I think I misinterpreted it.
How can I post the details on this attack to a non public space?
Greetings
Jan-Philip Loos
--
View this message in context:
http://xwiki.475771.n2.nabble.com/XSS-Security-Hole-how-to-post-to-security…
Sent from the XWiki- Users mailing list archive
at Nabble.com.
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users
_______________________________________________
users mailing list
users(a)xwiki.org
http://lists.xwiki.org/mailman/listinfo/users