I need to report security issues found in fastpath webchat according its rev 12964.
If it’s still maintained, committers, please respond.
You can report security issues to security at igniterealtime.org Though as i said on another thread Webchat is not maintained, there are no active developers working on it.
security at igniterealtime.org is not even a valid email. So public disclosure is the only way to get attention.
Hello, We got your message. One of the users on that email list is currently bouncing, that is why you got that bounce message. The address is valid.
Ok, thanks. Looking for the fixes. We sent the revised report which included comments about each issue. Please use that one.
Yes, we’ve got both of your messages. Though i have to say, that Webchat is not in development, so i can’t say when and who will take a look at this.
Daryl, maybe we should remove the bouncer from this mailing list (Jive i suppose?)? Also, we should probably file this report in JIRA (without disclosing details, which can be stored in a hidden document).