[rt-users] urgent: disable search for new watchers
Jesse Vincent
jesse at bestpractical.com
Fri Jun 19 07:26:21 EDT 2009
On Fri, Jun 19, 2009 at 10:22:45AM +0200, Violetta J. Wawryk wrote:
> Hello,
>
> Thanks to all who answered. I cannot believe that noone ever thought of
> this as a security bug.
The "full" interface of RT is really intended as an interface for staff
which is likely why you're finding that nobody else considers this a
security issue.
> Since a collegue found another security issue, can anyone tell me an
> emailadress where to send security issues that should definitly not be
> public?
Certainly. Please email security at bestpractical.com. Thanks very much
for your diligence.
Best,
Jesse Vincent
Best Practical
More information about the rt-users
mailing list