- From: Arnaud Desitter <arnaud02@users.sourceforge.net>
- Date: Wed, 19 Nov 2008 10:06:21 +0000
- To: "John Haugeland" <john.haugeland@kayako.com>
- Cc: html-tidy@w3.org
Send it to me. Regards, 2008/11/18 John Haugeland <john.haugeland@kayako.com>: > We have become aware of a very serious XSS injection in HTML Tidy (several > weeks late because securityfocus does not report defects to vendors, which > is a significant problem of its own right.) I am prepared to provide a > trivial patch to close it. > > > > What is the appropriate process for reporting security defects in private, > to allow the patch cycle to close the problem without aggravating it?
Received on Wednesday, 19 November 2008 10:07:52 UTC