Comments (4)
Hi @zidingz,
Please send me the details to [email protected]. Also there is my email address in every commit message.
from html-minifier-terser.
I think something went terribly wrong with huntr:
I've got 6 emails, 4 of them with the same subject line:
[ Cross-Site Request Forgery (CSRF) ] New Security Issue in cachet
[ Unimplemented or Unsupported Feature in UI ] New Security Issue in cachet
[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet
[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet
[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet
[ Insufficient Documentation of Error Handling Techniques ] New Security Issue in cachet
Totally different project and it seems you reported these things to a fork of the original project, which does not make much sense. And most of them are duplicates.
Also leaking details regarding other unrelated projects is not great either:
Sending details to the wrong persons is critical. Please check this with your team before sending any emails and better remove this "other advisories" part on the right side which leaks details regarding different projects. It seems your team and project lack some good security practices in general @JamieSlome
@DanielRuf - thanks for your comments and for sharing this with us.
With regards to the e-mails, I apologise that these were sent over to you. We have identified the cause and will be reviewing this tomorrow to ensure it doesn't happen again.
The links provided for other projects on reports are only visible if the vulnerability has been patched, and so no details are being leaked cross-projects.
Nonetheless, I will review your comments with the team and thank you for your patience! 🍰
@DanielRuf So sorry for this! We've identified the cause and remedied the permissions.
I've just sent you the correct email regarding the issue in html-minifier-terser.
Thank you so much for bringing attention to our error; it's of utmost importance that we take extra care in future.