Possible Security Bug - discuss - lists.mariadb.org

newer
Advice concerning inconsistent...

Possible Security Bug

older
Re: Setting up a jira self hosted...

Gordan Bobic

24 Mar 2024 24 Mar '24

3:11 p.m.

Hi, What is an appropriate forum for discussing what seems to be a security bug that I ran into?

Reply

Sign in to reply online Use email software

Show replies by date

William Edwards

24 Mar 24 Mar

3:28 p.m.

Op 24 mrt 2024 om 15:12 heeft Gordan Bobic via discuss <discuss@lists.mariadb.org> het volgende geschreven:

Hi,

What is an appropriate forum for discussing what seems to be a security bug that I ran into?

From https://mariadb.com/kb/en/security/: “Sensitive security issues can be reported on https://hackerone.com/mariadb or sent directly to the persons responsible for MariaDB security: security [AT] mariadb (dot) org.”

_______________________________________________ discuss mailing list -- discuss@lists.mariadb.org To unsubscribe send an email to discuss-leave@lists.mariadb.org

Reply

Sign in to reply online Use email software

Sergei Golubchik

3:35 p.m.

Hi, Gordan, mariadb.org has a standard https://mariadb.org/.well-known/security.txt page, that contains: Contact: https://hackerone.com/mariadb Contact: security@mariadb.org Encryption: https://mariadb.org/security_at_mariadb_org.asc Acknowledgements: https://hackerone.com/mariadb/thanks Policy: https://mariadb.org/about/security-policy/ Signature: https://mariadb.org/.well-known/security.txt.sig Release Packages Signature: https://mariadb.org/mariadb_release_signing_key.asc In other words, you are advised to use either hackerone or security@mariadb.org email. Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org On Mar 24, Gordan Bobic via discuss wrote:

What is an appropriate forum for discussing what seems to be a security bug that I ran into?

Reply

Sign in to reply online Use email software

Gordan Bobic

3:55 p.m.

Many thanks. On Sun, Mar 24, 2024 at 4:35 PM Sergei Golubchik <serg@mariadb.org> wrote:

Hi, Gordan,

mariadb.org has a standard https://mariadb.org/.well-known/security.txt page, that contains:

Contact: https://hackerone.com/mariadb Contact: security@mariadb.org Encryption: https://mariadb.org/security_at_mariadb_org.asc Acknowledgements: https://hackerone.com/mariadb/thanks Policy: https://mariadb.org/about/security-policy/ Signature: https://mariadb.org/.well-known/security.txt.sig Release Packages Signature: https://mariadb.org/mariadb_release_signing_key.asc

In other words, you are advised to use either hackerone or security@mariadb.org email.

Regards, Sergei Chief Architect, MariaDB Server and security@mariadb.org

On Mar 24, Gordan Bobic via discuss wrote:

...
What is an appropriate forum for discussing what seems to be a security bug that I ran into?

Reply

Sign in to reply online Use email software

235

Age (days ago)

235

Last active (days ago)

Download

3 comments

3 participants

tags

participants (3)

Gordan Bobic
Sergei Golubchik
William Edwards