security concern

alexlehm
Hi,

I think I noticed a security concern in the speakeasy site, can I contact you by mail or any other tool?
alexlehm
obviously I do not want to post it here
m15o
yes, thanks for looking into it! You can contact me on m15o@posteo.net
eaplmx
Hey!

I want to create an instance this weekend, but perhaps it could wait. How serious could that concern be, alexlehm?
m15o
wow I'm so glad eaplmx! Let me know if you need any help :) The code is available on https://hg.sr.ht/~m15o/mebo. I haven't written any guide yet, but will do so tomorrow!
alexlehm
the issue is not very serious, it is almost more of an "annoyance" than real security
alexlehm
I cannot find the issue tracker on sourcehut. It looks like the URL parsing pattern includes a dot at the end of the URL, like in your post above.
m15o
Thanks a ton, alexlehm! The security issue has been fixed. I've added a CSRF token to each form. Good catch for the URL that also includes the final '.' -- I'll work on that one soon! Let me know if you find other bugs!
alexlehm
great, it looks like it is fixed now

I am wondering if you use an issue tracker or if we should just write here in the forum
alexlehm
like the favicon is missing, but that is not really a bug
alexlehm
I have done a few more tests with reply/edit/delete and it all looks secure now
m15o
thank you alexlehm! Let's move the discussions around the software to https://mebo.m15o.net/ :)