Responsible disclosure @ Lucee?!


#1

Hi there,
I have some issues with the Lucee admin security, and want to report a security issue/bug about it. I can’t find any information on how to report a security issue to Lucee responsibly.
Off course there is Jira, but it unfortunately always shows the issues online.

So, my question is: how to do responsible disclosure to Lucee?

And, my suggestion is: put the answer on your website as well :wink:

Thanks, kind regards,

Paul Klinkenberg


#2

You should be able to email hello@lucee.org and the correspondence will be escalated to the relevant parties internally at LAS. Alternately, you could try private messaging Patrick the Product Manager at @IamSigmund


#3

Thanks Geoff. I mailed him now :slight_smile: