Reply New Topic
2020/10/20 3:59:28
#1
Offline
Just popping in

Reporting issues

Hi ! I want to report an issue however on the SECURITY.md on Github mentions to report it on Hackerone but it seems to be private. 

Should I post the bug on Github instead?

 

Thanks!



2020/10/20 13:15:50
#2
Offline
Webmaster

Re: Reporting issues

Hi, 

you are correct, and I figured we would have broken the threshold to become a public project by now. It's something we don't have much power over, we need to have bug reports by invited hackers on Hackerone, and until now only a few reports have been coming in (and have been handled of course )

When it comes to security issues, please notify us on the security issues form. That way we can make sure the issue gets fixed before it is published online.

I'll update the SECURITY.md on github as well, thanks for letting me know!


_________________

Me on OpenHub


2020/11/14 16:38:42
#3
Offline
Just popping in

Re: Reporting issues

Final question : Are you using h1 platform? Can I get invite (I plan to test this now after successful installation)



2020/11/14 18:56:09
#4
Offline
Webmaster

Re: Reporting issues

Hi,

yes, we are using the h1 platform, and as of a few minutes ago, we are a public project at https://hackerone.com/impresscms

Feel free to post any security related issues there so we can monitor them more easily.



Edited by fiammybe on 2020/11/14 19:27:19
_________________

Me on OpenHub


2020/12/7 7:28:30
#5
Offline
Webmaster

Re: Reporting issues

Just to make it abundantly clear : from now on, all security-related reports should be logged on Hackerone. The other form will be deactivated.


_________________

Me on OpenHub


Reply New Topic extras
 Previous Topic   Next Topic
You can view topic.
You can start a new topic.
You can reply to posts.
You cannot edit your posts.
You cannot delete your posts.
You cannot add new polls.
You cannot vote in polls.
You cannot attach files to posts.
You can post without approval.