reporting a vulnerability

Advertisement

Piru
Joined:
Posts:
1

reporting a vulnerability

How should a vulnerability in WinSCP be reported?

I would want to keep embargo on the issue while the authors triage the issue, so posting it to this forum likely isn't a good idea.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
30,054
Location:
Prague, Czechia

Re: reporting a vulnerability

Thanks for your post.
I'm sending you an email to the address you have used to register on this forum.

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
30,054
Location:
Prague, Czechia

Re: Fix for 5.13

MrPippin wrote:

Any chance this is being backported to 5.13?
I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?

Reply with quote

Advertisement

slfields
Joined:
Posts:
1
Location:
USA

Re: Fix for 5.13

martin wrote:

MrPippin wrote:

Any chance this is being backported to 5.13?
I'll consider it.
But to be honest, this is such a negligible problem.
Are you not trusting your server?
And are you actually using SCP protocol at all?

The primary reason I ask is that version 14 is still considered a release candidate, and this is a product deployed widely in our organization. We can’t speak to what sites are users are connecting, or trusted.

Reply with quote

Advertisement

You can post new topics in this forum