Recent Topics

1 Oct 20, 2006 16:38    

We have discovered a cross site scripting attack that we verified in 1.8.2 on our dev environment and the demo site available on which is 1.8.3.

What is the best way to notifying the developers without making the vulnerability publicly known until it can be fixed ?


2 Oct 20, 2006 17:00

I'll put a note on the developers list for you, one of them should contact you shortly.


3 Oct 20, 2006 18:39

Thanks to both of you. I've contacted Ladadada and will look into fixing it for 1.8.3.

Form is loading...