[Mediawiki-l] Re: Cross Site Scripting bug in 1.5b4
Wolfe, Jeff
Jeff_Wolfe at intuit.com
Thu Aug 25 17:02:16 UTC 2005
Wow, that's a faster response than I expected! Great job, and thanks!
I'll use another method next time for security issues. I certainly
appreciate the point about having a patch ready with the announcement. I
didn't find anything on meta that encouraged users to report a security
issue any particular way. I was worried about just posting to the zilla for
fear it would get lost in a sea of requests. One article I found today
suggested posting them to the developer's list. I settled on this list
because it has "security announcements" in it's description. It might be
helpful to have a clear & specific contact point identified (person, private
mailbox etc) for security bugs.
Again, great job!
Jeff
--------------
> (In the future please feel free to report security issues by private
> mail, or private message on IRC. Generally speaking it's nice to have a
> patch ready before public disclosure, even if this is only a few hours.)
--------------
-----Original Message-----
From: mediawiki-l-bounces at Wikimedia.org
[mailto:mediawiki-l-bounces at Wikimedia.org] On Behalf Of Brion Vibber
Sent: Wednesday, August 24, 2005 11:51 PM
To: MediaWiki announcements and site admin list
Subject: Re: [Mediawiki-l] Re: Cross Site Scripting bug in 1.5b4
_______________________________________________
MediaWiki-l mailing list
MediaWiki-l at Wikimedia.org
http://mail.wikipedia.org/mailman/listinfo/mediawiki-l
More information about the MediaWiki-l
mailing list