Where do we report vulnerabilities?

When I go to hackerone.com, I get the message
"concrete5 is taking a break and is not accepting new submissions."

Our larger organization's bounty program turned up a vulnerability and I'm trying to find some positive documentation that it has been addressed (or at least recognized).

Or I'd like to report it. So where do we go?

yfsneals
 
typoman76 replied:
https://www.concrete5.org/developers/security
yfsneals replied:
Hokay... So without Hackerone, we simply email it in?
mnakalay replied:
You can contact the core team directly by private message through their profile pages:
Franz Maruna: https://www.concrete5.org/profile/-/view/6/...
Andrew Embler: https://www.concrete5.org/profile/-/view/4...
Korvin Szanto: https://www.concrete5.org/profile/-/79063/...

Alternatively, you can register for Concrete5's Slack group, find either Andrew or Korvin in one of the channels and message them privately over there. I'm not sure which is faster.

You can register for the Slack group here: https://www.concrete5.org/slack...
A3020 replied (Best Answer):
It seems HackerOne can be used again to report security issues regarding the concrete5 core: https://hackerone.com/concrete5...
Myq replied:
> "concrete5 is taking a break and is not accepting new submissions."

Where did you see this in HackerOne?

As noted by others, HackerOne is the preferred channel.
yfsneals replied:
On the day I tried to report it, back in April. If it was temporary, great.