Security policy? #846

New Issue

Closed

opened 2021-04-22 12:45:20 +00:00 by andreymal · 4 comments

andreymal commented 2021-04-22 12:45:20 +00:00

Contributor

Copy Link

I found a way to read private tasks without proper authorization (successfully tested on my.vikunja.cloud), but I'm not sure that Gitea issues is a good place to provide details. Is there a private email or something to send a security issue?

I found a way to read private tasks without proper authorization (successfully tested on my.vikunja.cloud), but I'm not sure that Gitea issues is a good place to provide details. Is there a private email or something to send a security issue?

konrad commented 2021-04-22 12:56:37 +00:00

Owner

Copy Link

You can contact me on security@vikunja.io with this pgp key or on matrix (@kolaente:matrix.org) with encryption through element.

You can contact me on security@vikunja.io with [this pgp key](http://keyserver.ubuntu.com/pks/lookup?search=security%40vikunja.io&fingerprint=on&op=index) or on matrix (@kolaente:matrix.org) with encryption through element.

andreymal commented 2021-04-22 13:03:09 +00:00

Author

Contributor

Copy Link

Oh, I didn't notice that this is on the contact page https://vikunja.io/contact/

I think it would be better to duplicate this in a more prominent place, maybe in README or issue template

Oh, I didn't notice that this is on the contact page https://vikunja.io/contact/ I think it would be better to duplicate this in a more prominent place, maybe in README or issue template

andreymal closed this issue 2021-04-22 13:03:09 +00:00

konrad commented 2021-04-22 13:03:46 +00:00

Owner

Copy Link

Yeah, I think that's a good idea.

Yeah, I think that's a good idea.

konrad commented 2021-04-22 13:07:50 +00:00

Owner

Copy Link

Added to the readme in both repos.

Added to the readme in both repos.

👍 1

konrad referenced this issue from a commit 2024-02-07 14:00:27 +00:00

fix(deps): update dependency marked to v3.0.7 (#846)

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

renovate/golangci-golangci-lint-1.x

renovate/camel-case-5.x

renovate/go-1.x

renovate/lowlight-3.x

renovate/golang.org-x-sync-0.x

renovate/major-dev-dependencies

renovate/github.com-wneessen-go-mail-0.x

feature/better-filter-syntax

fix/tiptap-task-list

renovate/flexsearch-0.x

feature/zod-schema

renovate/github.com-typesense-typesense-go-1.x

renovate/github.com-golang-jwt-jwt-v4-5.x

automatic-year-range-for-go-header-template

feature/hide-forbidden-related-tasks

renovate/golang-1.x

release/0.20

release/0.17

release/0.16

release/0.15

release/0.14

release/0.13

v0.23.0

v0.22.1

v0.22.0

v0.21.0

v0.20.4

v0.20.3

v0.20.2

v0.20.1

v0.20.0

v0.19.2

v0.19.1

v0.19.0

v0.18.1

v0.18.0

v0.17.1

v0.17.0

v0.16.1

v0.16.0

v0.15.1

v0.15.0

v0.14.1

v0.14.0

v0.13.1

v0.13

v0.12

v0.11

v0.10

v0.9

v0.8

v0.7

v0.6

v0.5

v0.4

v0.3

v0.2

v0.1

Labels

Clear labels   

dependencies

  

duplicate

This issue or pull request already exists

  

help wanted

Need some help

  

invalid

Something is wrong

  

kind/bug

Something is not working

  

kind/feature

New feature

  

needs reproduction

  

question

More information is needed

  

security

  

wontfix

This won't be fixed

No Label

dependencies

duplicate

help wanted

invalid

kind/bug

kind/feature

needs reproduction

question

security

wontfix

Milestone

Clear milestone

No items

No Milestone

Assignees

Clear assignees

No Assignees

2 Participants

Notifications

Subscribe

Due Date

The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: vikunja/vikunja#846

No description provided.