15 lines
641 B
Markdown
15 lines
641 B
Markdown
|
# Security Policy
|
||
|
|
|
||
|
|
## Supported Versions
|
||
|
|
|
||
|
|
Please use the latest release you can find in the CHANGELOG.md.
|
||
|
|
|
||
|
|
## Reporting a Vulnerability
|
||
|
|
|
||
|
|
Please disclose any vulnerabilities found responsibly - report any security problems found to the maintainers privately.
|
||
|
|
For example you can write me a email: lars@moelleken.org
|
||
|
|
|
||
|
|
## Known vulnerabilities
|
||
|
|
|
||
|
|
Portable UTF-8 versions prior to 5.4.26 (released 2019-11-05) have an open redirect vulnerability. The `Bootup::filterRequestUri()` method used a unsecure `header('Location ...` implentation. And because it's most secure to not use this method at all, I decided to disable the function by default.
|