Reporting a vulnerability

Open igibek opened this issue 2 years ago • 2 comments

Hello!

I hope you are doing well!

We are a security research team. Our tool automatically detected a vulnerability in this repository. We want to disclose it responsibly. GitHub has a feature called Private vulnerability reporting, which enables security researchers to privately disclose a vulnerability. Unfortunately, it is not enabled for this repository.

Can you enable it, so that we can report it?

Thanks in advance!

PS: you can read about how to enable private vulnerability reporting here: https://docs.github.com/en/code-security/security-advisories/repository-security-advisories/configuring-private-vulnerability-reporting-for-a-repository

igibek Apr 10 '23 12:04

It would be great if you could submit this against the project on drupal.org https://www.drupal.org/project/localgov ("Report a security vulnerability" link, right-hand column); there it is opted in for security team support.

ekes Apr 10 '23 12:04

I believe the underlying issue this relates to was covered in a third-party Drupal module that received a security update. So this issue can be closed? Can we confirm that this is no longer an issue, and that there is documentation to the effect that security reports are sent via the Drupal security team?

andybroomfield Nov 19 '23 23:11