There is a high-severity CVE lurking #124
Comments
|
@itrofimow The OSS community would appreciate if you shared these details or at least give a hint as to where the issue is located. Greetings, Steven |
|
Hi @Burnett01! As long as there are some means left (there aren't many, but a few are still present) to communicate this privately with the maintainer i don't think it would be responsible from me to share the details in public. In case nothing works i will go this route, but not yet. If you are worried whether this affects your services running lithium in production, feel free to dm me [email protected] and we will see what can be done. |
|
I will ping you by mail. Thanks for the report. Sorry for the delay, I have very limited time for lithium these days |
|
@matt-42 I've sent you the details in response to your email |
Thanks ! |
|
@matt-42 If you don't have enough time for this, i could potentially craft a patch myself and we could discuss it in mail, like good old days |
|
Hi @itrofimow, that would be great if you have time thanks :)
…On Thu, Mar 30, 2023 at 3:27 PM itrofimow ***@***.***> wrote:
@matt-42 <https://github.com/matt-42> If you don't have enough time for
this, i could potentially craft a patch myself and we could discuss it in
mail, like good old days
—
Reply to this email directly, view it on GitHub
<#124 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAGOV6AKT6IFWLFRJXBAZY3W6WC2XANCNFSM6AAAAAATG5B5D4>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
Hi!
First of all, impressive work with lithium, really pushing some boundaries of performance and usability.
Since there isn't any SECURITY.md or the likes of and my email to you on the matter went unanswered
i'm leaving this issue here to raise awareness.
@matt-42 Feel free to ping me i'f you are interested, and then we could discuss it privately.
The text was updated successfully, but these errors were encountered: