reporting a vulnerability

Advertisement

Piru
Joined:
Posts:
1

reporting a vulnerability

How should a vulnerability in WinSCP be reported?

I would want to keep embargo on the issue while the authors triage the issue, so posting it to this forum likely isn't a good idea.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
41,518
Location:
Prague, Czechia

Re: reporting a vulnerability

Thanks for your post.
I'm sending you an email to the address you have used to register on this forum.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
41,518
Location:
Prague, Czechia

Re: Fix for 5.13

@MrPippin: I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?

Reply with quote

Advertisement

slfields
Joined:
Posts:
2
Location:
USA

Re: Fix for 5.13

The primary reason I ask is that version 14 is still considered a release candidate, and this is a product deployed widely in our organization. We can’t speak to what sites are users are connecting, or trusted.

Reply with quote

Advertisement

You can post new topics in this forum