Security vulnerability

Hey guys,
I found many vulnerabilities in the Lucee server source and I sent a report to their GitHub page. After 2 months they don't respond! Why? :expressionless:

1 Like

What do you mean exactly by

They have a dedicated email address for security issues specified in the security section, and I know they take security reports very seriously (as they have shown in past discoveries). But I don’t know how to send reports to GitHub.

2 Likes

As Andreas mentioned, it would be good to know where exactly you have sent it to. Tomorrow the CFCamp conference will start, and if we could get more information we could ask the guys directly.

1 Like

Are you also going to be there @gunnar.lieb ? I’m on my way.

I sent reports to their GitHub

https://github.com/lucee/Lucee/security/advisories/GHSA-j7g6-48p5-q9hq
https://github.com/lucee/Lucee/security/advisories/GHSA-3x57-5p9g-v888

Yes. @NULL_BYTE I will check

1 Like

thanks

I had a quick chat today, according to Zak and Micha from Lucee, the issues will be fixed with the next stable release and then published. I don’t know why there was no response to you. I think this should have been handled better.

Hmm, thanks, but they don't triage and accept issues, idk why. Btw thanks

Unfortunately, communication from the Lucee team has been almost nonexistent lately. I’m sure they are busy and we all appreciate that, but it would be nice to hear from them every once in a while on what is going on.

Just posting “live” to you all from cfcamp2024 in Munich. The Lucee Team is more alive than ever! They had lots of stuff, merged lots of open PRs, and are now supporting the Websocket Extension… @ajmercer did an awesome live session showing them in action! Some really cool presentations, and seeing @Zackster was super!!! Meeting others like @gunnar.lieb was also great! Ahhh… Looks like the Websocket Extension is moving from Beta to RC these days, if it didn’t happen already! This CFCAMP was AWESOME!!!

Again, they need our help for community stuff! Keep an eye on the GitHub merges and Jira as well, so you’ll see their continuous, almost daily work!

Feels great to see the work going on!

8 Likes

Ahhh, besides… even with this not being an ACF forum and a little off-topic… this is somehow CFML related: it was really great to also see Adobe and Mark Takata showing up with commitment to the CFML community outside the US. It was a really nice CFML event.

Additionally, thanks @bennadel for the awesome gift of your cool “Feature Flags” book. We missed you here a lot, and we’ll hopefully have some German selters here with you next year :smiley:

6 Likes

I really hope you enjoy it! And huge thanks to @agentK and @madmike_de for including me in the festivities :slight_smile:

4 Likes

We have to say thank you for letting us print this awesome present!

3 Likes