Security issue
criticskate at protonmail.com
criticskate at protonmail.com
Tue Oct 21 12:11:53 PDT 2025
I see, thanks for the clarification.
On Tuesday, October 21st, 2025 at 7:10 PM, Christian Marangi (Ansuel) <ansuelsmth at gmail.com> wrote:
> Il giorno mar 21 ott 2025 alle ore 21:07 criticskate at protonmail.com
>
> ha scritto:
>
> > Per openwrt[.]org/docs/guide-developer/security, I emailed contact at openwrt dot org to report a security issue yesterday. The page also states "in case you do not get an answer or it is important please use our public mailing list". I do not agree with the idea that security issues should be disclosed on a public mailing list, so I am simply stating here that it would be wise for whoever has access to the contact@ email to check the report.
> >
> > To be clear, the vulnerability I've reported is complex and would require unusual circumstances to exploit in practice, so it is not a critical issue. However, it would be ideal to check on the report and possibly fix it as the fix is not too complicated.
>
>
> Thanks for the report!
>
> Just to make it clear, "in case you do not get an answer or it is
> important please use our public mailing list" we intend to say that
> you would warn us not
> disclose it publicly (just as you did).
More information about the openwrt-adm
mailing list