Comments (3)
@gruns - thanks for all of your feedback on the above.
- We receive a lot of vulnerability reports, especially against very large projects, and so don't assume that reports should be public by default. We had tried this in the past and got a fair amount of bite back, and so do everything via responsible disclosure now. That said, if a maintainer is happy for a report to be made public, we will always support that :) You can see the report here, which I have now made public for you.
- In all of the cases listed above, and for all of our outreach, we first request an e-mail address in the SECURITY.md, so that maintainers can select an e-mail address where they want reports to go, plus we can authorize the address that's been created by a permitted maintainer. Until we have that e-mail address, we don't disclose it.
- By no means are we trying to promote the platform, rather just share the contents of reports, responsibly whilst trying not to share our brand as much as possible. Previously, we included our report URLs directly in these issues, but this also had problems, as this specifically looked like a scheme to promote the company. Hence, we wait for the e-mail address to share the report content.

Also:
And feel free to check out the thousands of vulnerabilities found previously by our researchers: https://huntr.dev/bounties/hacktivity

Is this potential issue too sensitive to just create a (public) issue here in this repo?
Also, you create a ton of issues exactly like this without disclosing any security vulnerabilities.
Is this just a scheme to promote your company, huntr helper?

FWIW, no results for furl when searching on huntr.dev.