
Security Contact for Flower

Open tprynn opened this issue 2 years ago • 2 comments

I've attempted to reach out to disclose security issues in Flower by emailing the owner of the repo (@gmail.com) as well as contacting other members of the Celery project. I haven't been able to get a response as of yet. Is there any maintainer of this repo who can contact me ([email protected]) in order to disclose these issues? I also have a PR to fix the issues but would prefer to review the PR on a private repo before making it public.

tprynn, Apr 26 '22 16:04

In the absence of a security contact for the project, I plan to disclose the issue (with a PR fix and in a blog post) on May 17 (two weeks from now).

@mher please respond if you're still maintaining the project! Thanks

tprynn, May 03 '22 14:05

I've delayed the disclosure for a short time to allow a project which depends on flower to make a new release.

tprynn, May 17 '22 14:05