2 users online. Create an account or sign in to join them.Users

Search

Given some discussions, such as this one, in the past regarding security and cases of reporting vulnerabilities, it might be a good idea to be explicit about the community’s policy regarding the process of reporting potential or actual security risks.

I came across this security policy that provided some good guidelines that we could adapt as a community.

Is there a more secure way of reporting potential vulnerabilities to Symphony developers other than in this public forum?

I think the Textpattern policy gives a good summary. I like that it is present and not hidden somewhere on their site.

Agreed. Textpattern’s security reporting policy makes a lot of sense and is something we should adopt and promote more formally.

Create an account or sign in to comment.

Symphony • Open Source XSLT CMS

Server Requirements

  • PHP 5.2 or above
  • PHP's LibXML module, with the XSLT extension enabled (--with-xsl)
  • MySQL 5.0 or above
  • An Apache or Litespeed webserver
  • Apache's mod_rewrite module or equivalent

Compatible Hosts

Sign in

Login details