-
-
Notifications
You must be signed in to change notification settings - Fork 568
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
May I ask if it's possible to apply for a CVE for this project if a security vulnerability is found? #2870
Comments
Thanks for bringing this to our attention, @sunriseXu! |
Thanks for your response! |
@sunriseXu Alright, we enabled private vulnerability reporting. 👍🏻 I assume by enabling this setting this issue is resolved. We will discuss the actual security issue privately. |
Thank you! |
@sunriseXu No, I just published it because I thought that's the right thing to do after providing a fix in https://github.com/zauberzeug/nicegui/releases/tag/v1.4.21. Shouldn't GitHub's Dependabot start warning other developers about this security issue in NiceGUI? Please correct me if I'm wrong. |
@sunriseXu I just edited your description to hide any details until I understand what should be part of the public advisory and what not. |
Thank you for the application for CVE, I have confirmed the bug is fixed. I think it is fine to hide details about vulnerability, just a general description is good. Thanks again for everything and have a great day! |
Description
Hi there, recently, I found a security bug in this project, may I ask if it's possible to apply for a CVE for this project if a security vulnerability is found?
The text was updated successfully, but these errors were encountered: