- From: Arnaud Desitter <arnaud02@users.sourceforge.net>
- Date: Thu, 20 Nov 2008 09:46:12 +0000
- To: "John Haugeland" <john.haugeland@kayako.com>
- Cc: html-tidy@w3.org
After discussion with John, it turns out to be unrelated to HTML tidy.

Regards,

2008/11/18 John Haugeland <john.haugeland@kayako.com>:
> We have become aware of a very serious XSS injection in HTML Tidy (several
> weeks late because securityfocus does not report defects to vendors, which
> is a significant problem of its own right.) I am prepared to provide a
> trivial patch to close it.
>
> What is the appropriate process for reporting security defects in private,
> to allow the patch cycle to close the problem without aggravating it?
Received on Thursday, 20 November 2008 09:48:16 UTC