[Mediawiki-l] Re: Cross Site Scripting bug in 1.5b4

Wolfe, Jeff Jeff_Wolfe at intuit.com
Thu Aug 25 17:02:16 UTC 2005


Wow, that's a faster response than I expected!  Great job, and thanks!

I'll use another method next time for security issues.  I certainly
appreciate the point about having a patch ready with the announcement.  I
didn't find anything on meta that encouraged users to report a security
issue any particular way.  I was worried about just posting to the zilla for
fear it would get lost in a sea of requests.  One article I found today
suggested posting them to the developer's list.  I settled on this list
because it has "security announcements" in it's description.  It might be
helpful to have a clear & specific contact point identified (person, private
mailbox etc) for security bugs.

Again, great job!

Jeff

--------------
> (In the future please feel free to report security issues by private
> mail, or private message on IRC. Generally speaking it's nice to have a
> patch ready before public disclosure, even if this is only a few hours.)
--------------

-----Original Message-----
From: mediawiki-l-bounces at Wikimedia.org
[mailto:mediawiki-l-bounces at Wikimedia.org] On Behalf Of Brion Vibber
Sent: Wednesday, August 24, 2005 11:51 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Re: Cross Site Scripting bug in 1.5b4

_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l




More information about the MediaWiki-l mailing list