Dear r00t4dm;
Jonathan from Tomee PMC has already responded to you: We do not
provide further help or guidance to verify vulnerabilities. We use
secur...@apache.org only for the reporting of new vulnerabilities.
Best Regards, Mark.
On Wed, Dec 23, 2020 at 4:32 AM r00t 4dm wrote:
>
> Ok,
> maybe i wanna publish this vulnerable fully details in
https://paper.seebug.org/category/404team-en/
> i want to more Security researcher to learning this vulnerable.
I've CC'd in the security email, in case they have a view on it. There's a
bit of a delicate balance. In terms of the
Specifically, what it is you're looking to publish, and where?
Jon
On Tue, Dec 22, 2020 at 4:35 PM r00t 4dm wrote:
> Hi,
>
> I using testcase
> https://github.com/apache/tomee/commit/a2a06604f5d4e92e34c84715a30d03d3e7121fd1
> i found how to open 1099 port, if i fully success, i can make this
>
Hi Jonathan
That's a perfect approach and reply suggestion, go for it! I wonder too
sometimes if this is a tactic in order for a lazy researcher to try to gain
a reproducer.
(I wouldn't worry about cc'ing in private@tomee though, you probably don't
want to get that list too polluted, dev/user