[SAC] Responsible Security Disclosure

dear sac,

do you think you could handle this?


---------- Forwarded message ---------
From: researcher@port43.consulting
Date: Fri, 7 Jul 2017, 17:37
Subject: Responsible Security Disclosure
To: <info@osgeo.org>

During the course of a security research project I was completing, your site foss4g.org was discovered to have a serious security vulnerability present. The goal of this email is to responsibly disclose this issue to you so your technical team can mitigate the issue as soon as possible and minimize any impact. If you have an active bug bounty program you would like me to report additional details through please reply with contact information.

Technical Details: The source code of your site is exposed at the root of your site at foss4g.org/.git/

Hi Jachym,

Thanks for reporting this. I've denied viewing of .git folders on that domain through Apache. Let me know if it works for you. Thanks,


Jeff McKenna
President Emeritus, OSGeo Foundation

On 2017-07-07 12:43 PM, Jachym Cepicky wrote:

dear sac,

do you think you could handle this?


---------- Forwarded message ---------
From: <researcher@port43.consulting>
Date: Fri, 7 Jul 2017, 17:37
Subject: Responsible Security Disclosure
To: <info@osgeo.org>

During the course of a security research project I was completing, your site foss4g.org was discovered to have a serious security vulnerability present. The goal of this email is to responsibly disclose this issue to you so your technical team can mitigate the issue as soon as possible and minimize any impact. If you have an active bug bounty program you would like me to report additional details through please reply with contact information.

Technical Details: The source code of your site is exposed at the root of your site at foss4g.org/.git/
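Added example, not part of this thread and not OSGeo's own tooling: a small Python checker for the exposure reported above, usable to verify an Apache block like the one Jeff describes. It requests `.git/HEAD` and `.git/config` rather than `/.git/` itself, because directory listing is normally off and a 403 on `/.git/` says nothing about whether the individual files are still served; it also refuses to count a soft 404 (a 200 with an HTML page) as exposure. The `fetch` parameter, the hostnames in the usage, and the probe list are assumptions of this example.

```python
"""Check whether a web site exposes its .git directory over HTTP.

Example code added to this thread; not from the original messages or from
OSGeo's infrastructure. The probe list and the injectable `fetch` callable
are assumptions made for the example.
"""
import re
import urllib.error
import urllib.request

# Files every git checkout contains; HEAD is the canonical probe. Assumed
# sufficient for the example; a scanner might also try .git/index.
GIT_PROBES = (".git/HEAD", ".git/config")

# Real .git/HEAD content: a symbolic ref, or a detached SHA-1/SHA-256.
HEAD_RE = re.compile(rb"^(ref: refs/\S+|[0-9a-f]{40}|[0-9a-f]{64})\s*$")
# Real .git/config content has a [core] section.
CONFIG_RE = re.compile(rb"^\s*\[core\]", re.M)


def looks_like_git_file(path, body):
    """True if `body` is plausibly the real git file named by `path`.

    This is what separates a genuine exposure from a server that answers
    200 with an error page for every unknown URL.
    """
    if path.endswith("HEAD"):
        return bool(HEAD_RE.match(body.strip()))
    if path.endswith("config"):
        return bool(CONFIG_RE.search(body))
    return False


def http_fetch(url, timeout=10):
    """Default fetcher: GET `url`, return (status, first 4 KiB of body).

    HTTP error responses (403, 404, ...) are results, not exceptions.
    """
    req = urllib.request.Request(url, headers={"User-Agent": "git-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, err.read(4096)


def check_git_exposure(base_url, fetch=http_fetch):
    """Probe `base_url` for a served .git directory.

    Returns {"exposed": bool, "hits": [probes whose content looked like git]}.
    A 200 on /.git/ is deliberately not required, and a 403 on /.git/ alone
    is not accepted as proof of a fix: only the per-file probes count.
    """
    base = base_url.rstrip("/") + "/"
    hits = []
    for probe in GIT_PROBES:
        status, body = fetch(base + probe)
        if status == 200 and looks_like_git_file(probe, body):
            hits.append(probe)
    return {"exposed": bool(hits), "hits": hits}


if __name__ == "__main__":
    import sys

    # Usage: python3 gitcheck.py https://example.invalid [more sites...]
    for site in sys.argv[1:]:
        result = check_git_exposure(site)
        print(site, "EXPOSED" if result["exposed"] else "ok", result["hits"])
```

After a fix, both probes should come back non-200 (or 200 with content that is not git-shaped). On Apache 2.4 a `<DirectoryMatch "/\.git">` block containing `Require all denied` refuses the directory and everything under it; `RedirectMatch 404 /\.git` is a common alternative that also hides that the directory exists. Either way the repository is still on disk, and anyone who pulled it before the block was added has the full history, so the history should be reviewed for credentials and anything found rotated; the durable fix is to deploy without `.git` inside the document root.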