On Thu, Jan 10, 2013 at 03:58:25PM +0100, Tomas Sedovic wrote:
<snip>
> Jozef, the next time please report security issues to
> [email protected] first:

Out of curiosity, where does this go? I don't need to be the one receiving it necessarily, but I realize that I have no concept of what happens after mail is sent here.

> https://aeolusproject.org/contact.html#security-related
>
> It does no good to advertise exploits before they've been fixed (look up
> responsible disclosure for more info).

+1 on the approach, though in Jozef's defense, these sound like an extension on what was already reported on the rubyonrails-security list:

https://groups.google.com/forum/?fromgroups=#!forum/rubyonrails-security

We should probably still try to resolve them before disclosing them here, though.

-- Matt
