WordPress.org

Make WordPress Core

Opened 2 months ago

Closed 2 months ago

Last modified 2 months ago

#41865 closed defect (bug) (invalid)

Have not received response at Hackerone

Reported by: zhk Owned by:
Milestone: Priority: normal
Severity: normal Version: 4.8.1
Component: General Keywords:
Focuses: Cc:

Description

Hi team,
I've submit a security at Hackerone, 5 days passed, but I have not received any response again.

Change History (2)

#1 @SergeyBiryukov
2 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed

Hi @zhk, thank you for the report! It's being looked into, the security team will reply when they have a chance.

#2 @aaroncampbell
2 months ago

Hey @zhk,

I appreciate your help in keeping WordPress secure. I looked at the HackerOne report and, while you're right that it hasn't had a response in five days, there had been responses from people on our team eight days ago. It is being looked at.

However, the WordPress core Trac is not the place to get updates on HackerOne reports. Security issues shouldn't be discussed or referenced in public places until they have been resolved and disclosed. Please keep the questions, even ones for updates, on the HackerOne report. Each comment you make there is piped into our security slack channel and gets in front of the eyes of our whole team.

Thanks,
Aaron
WordPress Security Team Lead

Note: See TracTickets for help on using tickets.