I believe I have found a security issue in Pixelpost. While I've checked the current release version (1.4.2), I assume much work has gone into the next version already, and it would be nice to check the up-to-date source before bugging anyone about it. Is there a snapshot, or anonymous CVS somewhere, that I can look at?

Failing that, where exactly should security problems (and potential solutions) be reported? I'd rather not lay out the details on a public forum for anyone to get ahold of before a fixed version can be released.

you can email any of the team with security issues if you feel they are not suitable for the forum


geos and raminia are probably more competent security wise so i'd say they should be your first stop!


as far as CVS goes - we do use it but for now there can be no anonymous access... sorry.

thanks.

raminia [aT] pixelpost.org
and thank you. :)

you can send copy also to:
GeoS (a_t] pixelpost {DOT} org

or just

thecrew[a t]pixelpost[ dot ]org!

I didn't get anything.

Er... oops. I forgot forum mails were going to a different address than the one I've been looking for them at. Mail will be coming shortly.

Now Ive got it.

']or just

thecrew[a t]pixelpost[ dot ]org!

yah, that would be the one ;)

Should we be worried about this security issue? Can we get some more details on it?

you will be fine, although as a personal recommendation i suggest avoiding hacking up you're php files and changing things around for the next few weeks, just in case a needed upgrade comes out.