Reporting security vulnerabilities #4072
Comments
I'm not sure. Please email your reports to yahoo userid ********. I don't use that mailbox much, so please post a note here when you've done that.
We recently installed a security-related fix which I'm guessing was related to this. So I'm closing this. Feel free to re-open if my guess was incorrect.
No, these are different from #4119. I now sent you the reports to the specified address as 4 separate emails, one for each vuln. Sorry about the delay - I was on vacation in July and it took a while to get back up to speed.
Fyi @oleibman I can't reopen this issue, but see the above.
@PowerKiKi @MarkBaker I have been communicating with the originator of this issue via email. He says he has reported vulnerabilities using "Private Vulnerability Reporting" on https://github.com/PHPOffice/PhpSpreadsheet/security. But I can't see how to access his reports. If I could, that would probably be a better venue for our discussions than email. Is there something that needs to be done to enable my access to these reports?
@oleibman, you are now admin, like me, and have access to https://github.com/PHPOffice/PhpSpreadsheet/security/advisories?state=Triage, which should allow you to follow up on the reports. @emilvirkki, somehow I didn't get any notifications for your reports. Thank you for your work and patience, we'll have a look at your reports.
I reported multiple security vulnerabilities in PHPSpreadsheet through the private vulnerability reporting feature on this repository. It's been over a month, and I haven't heard back.
What is the correct channel for reporting vulnerabilities, if that one isn't it?