
Discussing potential security vulnerabilities

what is the protocol for discussing (potential) security vulnerabilities?

again, i said “potential” (so that everybody doesn’t get all out-of-whack over this).

some projects are hesitant to discuss such things in public forums (mailing lists, irc, message boards, etc.), and rightfully so, but i'd rather discuss it with someone (familiar with the openfire codebase, unlike myself) first before sounding any potential false alarms.

i did a google search of “openfire security” and didn’t find anything relevant to project protocol on the first two pages of hits. i searched the issue tracker for “security”, specifically in openfire, but only saw a few that appeared to either be well known (recent jetty vulnerability) or non-disclosed (no details).

thanks for openfire!

You can ping me directly if you’d like to.

how exactly do you define “ping”?

email, im, forum private message?

my apologies; i sometimes need things spelled out for me.

i emailed you (which i hope is acceptable), but for future reference (mine and anybody else who searches for this), which did you mean?

I suppose I meant, any of those, whichever you preferred. (I typically refer to ping me to mean “contact me”)

So email worked just fine! May not be able to look at it today though, depends on how things play out!