[rt-users] urgent: disable search for new watchers

Jesse Vincent jesse at bestpractical.com
Fri Jun 19 07:26:21 EDT 2009


On Fri, Jun 19, 2009 at 10:22:45AM +0200, Violetta J. Wawryk wrote:
> Hello,
> 
> Thanks to all who answered. I cannot believe that noone ever thought of 
> this as a security bug.

The "full" interface of RT is really intended as an interface for staff
which is likely why you're finding that nobody else considers this a
security issue.

> Since a collegue found another security issue, can anyone tell me an 
> emailadress where to send security issues that should definitly not be 
> public?

Certainly. Please email security at bestpractical.com.  Thanks very much
for your diligence. 

Best,
Jesse Vincent
Best Practical



More information about the rt-users mailing list