Hi Scott, Serious security problems should not be fixed via pull request - please responsibly disclose these by e-mailing them (with or without patches) to galaxy-lab@lists.galaxyproject.org. The Galaxy core development team will issue patches to public servers before announcing the issue to ensure there is time to patch and highlight these fixes widely. We will provide you credit for the discovery when publicly disclosing the issue. -Dannon On Tue, Aug 11, 2015 at 10:16 AM, Scott Szakonyi <Scott.B.Szakonyi.1@nd.edu> wrote:
Hello all,
In testing our servers for security vulnerabilities, we've detected some cross site scripting and SQL injection problem on our Galaxy server. Is that something that should be reported as a bug/problem? I did search the Trello board but didn't find any open security related items.
Thanks!
-- Scott B. Szakonyi Research Programmer
*Center for Research Computing* 107 Information Technology Center Notre Dame, IN 46556 http://crc.nd.edu
___________________________________________________________ Please keep all replies on the list by using "reply all" in your mail client. To manage your subscriptions to this and other Galaxy lists, please use the interface at: https://lists.galaxyproject.org/
To search Galaxy mailing lists use the unified search at: http://galaxyproject.org/search/mailinglists/