--- REDACTED --- #4409
Comments
Confirmed, I can reproduce this. I also tested it on an empty class and a class with objects in it. The bug happens in both cases. -- REDACTED --
Can you provide the server logs when running with VERBOSE=1?
I believe I found the root cause, and will provide a fix in the next hour
@charleskoehl I'm gonna close this issue now. I want to take a minute to let you know that issues that may affect security should be privately reported. As mentioned by @milesrichardson everyone now knows the issue, and is able to target the servers.
I've cleaned up the conversation, unfortunately GitHub keeps a tail of events with the changes.
fwiw I can only see that you deleted the comment, can't see the old contents. Maybe you can because you're admin
I'm very sorry for that; I'm sort of a noob in the open source community despite having coded since 1982.
No worry @charleskoehl, mistakes happen. That made me realize we don't have a security 'hotline' / email.
I'm just curious... is there a published confidential disclosure procedure? An email address? Maybe a PGP key?
We should put that in place sooner than later. I’ll do it before Monday, with a public PGP key!
We should also add a notice for responsible disclosures in the issue/PR template.
Yes, in the issue template, .org domains, and all READMEs
Perhaps this could help clean things up more:
--- REDACTED ---