Security vulnerabilites - where to report?

[irsl]

I just identified some critical security vulnerabilites in this project - let me know where to report them - if this project is not completely dead yet.
Note: I'm going to publish an advisory about them.

[GwynethLlewelyn]

Hi,

I know... it's been a few years... but it seems that the best person to communicate critical security vulnerabilities is @JonDeG, who fixed a few... back in 2015 😞

[pushpen]

were these published anywhere?

[irsl]

https://seclists.org/fulldisclosure/2018/May/30

[GwynethLlewelyn]

@irsl, thanks for publishing those vulnerabilities!

It's a pity, actually, since I love(d) ProjectPier, but it became impossible to patch it myself to get it to run under PHP 8.0+, so I followed your recommendation and moved to a different (but similar) application...

[pushpen]

@GwynethLlewelyn Please tell which application.

[GwynethLlewelyn]

@GwynethLlewelyn Please tell which application.

Completely off-topic, but I'm using dotProject. Aye, I'm aware it also has many security issues; and I have forked it to get a version that runs under PHP 8.0; granted, I haven't gotten the time to finish everything, but 90% of the functionality should be working, with some quirks here and there. The maintainers of the GitHub repository, however, are a bit silent — never a good sign — taking into account that they have a huge PR to review...

I did start on doing the same for ProjectPier, but it was simply way too much work — the codebase is simply way too old to get it to run on any recent version of PHP.