Cross site scripting vulnerability in 3.4.5

Hi,

I stumbled on an XSS vulnerability in Openfire 3.4.5. After looking at the reported bugs and trying to find anything about it in the forum, I have concluded that this is a previously unknown vulnerability. The recommendation I’ve found is to post it in the forum; this just doesn’t feel right.

Where should I send the information about this?

Do you really want me to post it in the forum?

Best Regards,

Joel Soderberg

You should set the tag “bug_report” for this thread, so the developers will read it.

Do you really want me to post it in the forum?

I would say, wait until someone feels responsible and send a private message to him.

Thanks for your input Coolcat.

I’ve added the tag and a few more.

I wasn’t really going to post the information in the forum. Just hinting at the fact that someone working with Openfire might want to set up a mail or similar point of contact for security issues. Posting security issues to an open forum is a really bad idea.

The project developers for Openfire are Daniel and Gato, so you might try looking them up. Also, the community group chat on Wed. at 10 AM Pacific is a good way to get in contact with the right people.