reiern70 commented on PR #1432:
URL: https://github.com/apache/wicket/pull/1432#issuecomment-4328626479

   > You can!
   > 
   > But I won't do it myself for two reasons:
   > 
   > 1. the CVE creation process is very unfriendly.
   >    It used to be a copy/paste of a template and adaptation of few 
placeholders like the title, description and severity. Now it is a big complex 
web form with many fields which I have no idea how to populate correctly
   > 2. you reported the issue publicly and thus made it a 0-day vulnerability 
... So, it is a bit late for this.
   >    The proper way is to report it to the maintainers first - 
https://wicket.apache.org/help/#security & https://www.apache.org/security/
   
   I think we are possibly one of the few users of this functionality,and we 
use anther version of IUploadsFileManager, thus I doubt this has impact for 
many users. But letting them know via email might be good.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to