Security reporting guidelines? Development source?
 

I believe I have found a security issue in Pixelpost. While I've checked the current release version (1.4.2), I assume much work has gone into the next version already, and it would be nice to check the up-to-date source before bugging anyone about it. Is there a snapshot, or anonymous CVS somewhere, that I can look at?

Failing that, where exactly should security problems (and potential solutions) be reported? I'd rather not lay out the details on a public forum for anyone to get ahold of before a fixed version can be released.

you can email any of the team with security issues if you feel they are not suitable for the forum


geos and raminia are probably more competent security wise so i'd say they should be your first stop!


as far as CVS goes - we do use it but for now there can be no anonymous access... sorry.

thanks.

and thank you. :)

you can send copy also to:

or just

!

I didn't get anything.

Er... oops. I forgot forum mails were going to a different address than the one I've been looking for them at. Mail will be coming shortly.

Now Ive got it.

yah, that would be the one ;)

Should we be worried about this security issue? Can we get some more details on it?