Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security Vulnerability Contact #2532

Closed
indianamoreau opened this issue May 25, 2018 · 3 comments
Closed

Security Vulnerability Contact #2532

indianamoreau opened this issue May 25, 2018 · 3 comments
Labels
Bug
Milestone
1.11.8

Comments

@indianamoreau
Copy link

I have discovered a serious security vulnerability in Chamilo LMS, who should I privately contact about it?

I've attempted to email info@chamilo.org but the email seems to be no longer working.
@jmontoyaa
Copy link
Member

jmontoyaa commented May 25, 2018
edited by ywarnier
Loading

Hi, you can contact support at beeznest dot com

@ywarnier
Copy link
Member

We are currently having some issues with mails to the @chamilo.org domain. We are working on this (hopefully a fix should be reached by early June). In the meantime, an alternative e-mail to the company developing most of Chamilo, as specified by Julio above, would be the next right way.

jmontoyaa added a commit that referenced this issue May 29, 2018
@jmontoyaa
Security fix #2532
0de8470 
- Use json_decode/json_encode instead base64
- Add Security::remove_XSSS
@ywarnier
Copy link
Member

This has been reviewed and approved by the reporter, @indianamoreau

@ywarnier ywarnier added this to the 1.11.8 milestone May 29, 2018
@ywarnier ywarnier added the Bug label May 29, 2018
jmontoyaa added a commit that referenced this issue May 30, 2018
@jmontoyaa
Updated with issue #2532
5dae2a4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug
Projects
None yet
Milestone
1.11.8
Development

No branches or pull requests
3 participants
@jmontoyaa @ywarnier @indianamoreau