pull down to refresh

100 sats \ 10 replies \ @ek 30 Apr
Thank you.
All information regarding how to do a responsible disclosure should be in our README here, in the FAQ or here. I thought these are pretty common locations.
@holonite, where did you look? Where should we put it such that people can find it?
reply
I was initially planning to DM you with these but now I'll upload it via GitHub. I think there should be another page link in the SN header as a pinned post for 7 days in suppose glowing neon saying "Beginners here!" for accounts that are not atleast 1 week old. I will include other ideas in the GitHub issue.
reply
100 sats \ 8 replies \ @ek 22h
Is this your critical report? If so, that wasn't a responsible disclosure as described in the three links I sent you.
reply
And the link I shared to the security advisory page on the GH repo
reply
lol, after all that
reply
0 sats \ 0 replies \ @anon 22h
lol
reply
you sent me 3 links? where?
reply
100 sats \ 1 reply \ @ek 22h
I replied to your report on Github.
I am still interested in the XSS vulnerability you said you found.
reply
  1. Same https://github.com/stackernews/stacker.news/issues/2144#issuecomment-2845280638
  2. i was wrong - i thought the credits settings form was exploitable
100 sats \ 1 reply \ @ek 22h
reply
extremely sorry I didn't notice that. Will you accept the issue one or will I create a security advisory?