reporting a vulnerability

Advertisement

Piru
Joined:
Posts:
1

reporting a vulnerability

How should a vulnerability in WinSCP be reported?

I would want to keep embargo on the issue while the authors triage the issue, so posting it to this forum likely isn't a good idea.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
31,935
Location:
Prague, Czechia

Re: reporting a vulnerability

Thanks for your post.
I'm sending you an email to the address you have used to register on this forum.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
31,935
Location:
Prague, Czechia

Re: Fix for 5.13

MrPippin wrote:

Any chance this is being backported to 5.13?
I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?

Reply with quote

Advertisement

slfields
Joined:
Posts:
2
Location:
USA

Re: Fix for 5.13

martin wrote:

MrPippin wrote:

Any chance this is being backported to 5.13?
I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?

The primary reason I ask is that version 14 is still considered a release candidate, and this is a product deployed widely in our organization. We can’t speak to what sites are users are connecting, or trusted.

Reply with quote

slfields
Joined:
Posts:
2
Location:
USA

Re: Fix for 5.13

slfields wrote:

martin wrote:

MrPippin wrote:

Any chance this is being backported to 5.13?
I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?

The primary reason I ask is that version 14 is still considered a release candidate, and this is a product deployed widely in our organization. We can’t speak to what sites are users are connecting, or trusted.

Any update if this could possibly be released in 5.13?

Reply with quote

Advertisement

You can post new topics in this forum